Cyber Sleuth HelloKitty Rebranded as HelloGookie and Leaks Data from CD Projekt Red and Cisco

The authors of the HelloKitty ransomware have announced a name change to HelloGookie and have published passwords for previously leaked data from CD Projekt Red and Cisco, as well as decryption keys for older attacks.

The perpetrator behind this statement, known by the aliases Gookee and kapuchin0, claims to be the creator of the HelloKitty malware.

It’s worth recalling that the HelloKitty ransomware first appeared in 2020, actively targeting corporate networks, stealing data, and encrypting systems. The group made its first high-profile attack in February 2021, when hackers attacked CD Projekt Red, the creators of games like Cyberpunk 2077, The Witcher 3, and Gwent, encrypting the company’s servers and stealing source code. HelloKitty representatives later claimed to have sold the stolen data on the dark web.

In 2022, another ransomware group, Yanluowang, attacked Cisco. A leak of internal chat logs revealed a potential close connection between Yanluowang and the developer behind HelloKitty, who used the alias Guki in conversations.

Last year, the source code for HelloKitty was leaked on a Russian-speaking hacking forum. The suspected malware author hiding behind kapuchin0 proclaimed that they were developing a new, more powerful encryptor and no longer needed HelloKitty.

As reported by cybersecurity researcher 3xp0rt, the recent rebranding of the encryptor to HelloGookie was accompanied by the launch of a new dark web site.

To mark the launch, the ransomware operators published four private decryption keys for old versions of HelloKitty on the new site, which can be used to decrypt files affected in past attacks.

Additionally, internal information stolen from Cisco during the 2022 attack and passwords for the stolen source code of Gwent, The Witcher 3, and Red Engine from CD Projekt Red were disclosed.

Bleeping Computer reports that a representative of the group compiling The Witcher 3 from the leaked source code, known as sventek, revealed that the leak contained 450 GB of data, including source code for The Witcher 3, Gwent, Cyberpunk, various console SDKs (PS4/PS5 XBOX NINTENDO), and some build logs. The dump includes binaries that allow developers to run a build of The Witcher 3.

Regarding the data stolen from Cisco, the leak includes a list of NT LAN Manager (NTLM) hashes, presumably extracted during the breach of the company’s systems. In 2022, Cisco confirmed being targeted by the Yanluowang group, stating that the incident was limited to the theft of insignificant data from one user account.

As journalists note, kapuchin0’s access to this data indicates closer collaboration between Yanluowang and HelloKitty than previously believed.
