• CyberVolk/GLORIAMIST is a hacktivist collective originating in India with pro-Russia leanings. Between June and October 2024, CyberVolk claimed responsibility for multiple ransomware attacks.
• The main objective of CyberVolk and related groups is to leverage geopolitical issues to launch and justify attacks on public and government entities, primarily in the service of Russian government interests.
• SentinelLabs has observed a shared codebase used by CyberVolk, AzzaSec and DoubleFace’s ransomware. Additionally, CyberVolk has promoted other ransomware families like HexaLocker and Parano. These groups and the tools they leverage are all closely intertwined.
• These hacktivist groups are extremely dynamic and volatile. In-fighting, threats, and inflated political-posturing are common, leading to fragmentation and the rapid re-shaping of the hacktivist threat landscape.