CyberVolk Declares Cyberwar Against Europe, Japan and the U.S. Under Operation BlackEye

• The India and Russia-linked hacktivists will target organizations with ransomware, DDoS, and phishing attacks
• The main objective behind the campaign by CyberVolk is not known so far
• It is declared that they will launch cyber attacks under the campaign Operation BlackEye

The CyberVolk hacktivists have announced that they will be targeting Japan, the United States, and Europe with cyber attacks. Calling the mission ‘Operation Blackeye,’ CyberVolk has declared a cyber offensive against them. 

The group, allegedly originating in India, will target the nations with ransomware attacks, data breaches, and coordinated DDoS attacks. They will gain initial access via phishing campaigns. 

According to CyberKnow, a threat intelligence service provider, CyberVolk has launched DDoS attacks. “The group has conducted DDoS, defacement attacks, and has at one point used ransomware to varying levels of success,” a post by the threat intelligence platform added.

The intent behind the threats or Operation BlackEye is not known yet. However, a SentinelLabs report highlighted that the group targets organizations primarily in the service of Russian interests. They claimed responsibility for several ransomware attacks between June and October 2024.

The politically motivated group launched its own RaaS in June 2024, reflecting a shared codebase with AzzaSec and DoubleFace ransomware. They have collaborated with DDoS-focused groups like NoName057(16) and others. 

Their ransomware is based on the AzzaSec ransomware code and is equipped to terminate processes belonging to Microsoft Management Console or Task Manager. 

PCrisk, a security news and threat intelligence portal, published a report on how to remove the CyberVolk BlackEye ransomware. They determined that their distribution method involves sending infected email attachments or showing malicious ads on the screen.

Researchers warned about the permanent loss of files because more often than not, the attackers hold control over the decryption mechanism and manage to delete the data, sometimes despite being paid a ransom.