Kazu

Also known as: Kazu, kazu

Kazu is a financially motivated ransomware group known for employing a double extortion model, targeting sectors such as healthcare and government. The group has claimed responsibility for multiple high-profile breaches, including those of Manage My Health and the DefensorΓ­a del Pueblo de Colombia, exfiltrating sensitive data through techniques like exploiting unpatched vulnerabilities and credential reuse. Kazu has demanded ransoms ranging from $60,000 to $500,000, threatening public disclosure of stolen data if payments are not made. Their operations have primarily focused on entities in Latin America, Asia, and the Middle East, with a notable presence on dark web leak sites.

Introduction

Kazu is a financially motivated ransomware group known for employing a double extortion model, targeting sectors such as healthcare and government. The group has claimed responsibility for multiple high-profile breaches, including those of Manage My Health and the DefensorΓ­a del Pueblo de Colombia, exfiltrating sensitive data through techniques like exploiting unpatched vulnerabilities and credential reuse. Kazu has demanded ransoms ranging from $60,000 to $500,000, threatening public disclosure of stolen data if payments are not made. Their operations have primarily focused on entities in Latin America, Asia, and the Middle East, with a notable presence on dark web leak sites.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Dark DDoSeR
  • Xploit

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.