{"id":17458,"date":"2018-10-30T21:00:00","date_gmt":"2018-10-30T21:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/kraken-resurfaces-from-the-deep-web\/d\/d-id\/1333155"},"modified":"2018-10-30T21:00:00","modified_gmt":"2018-10-30T21:00:00","slug":"kraken-resurfaces-from-the-deep-web","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/","title":{"rendered":"Kraken Resurfaces From the Deep Web"},"content":{"rendered":"<header>\n<\/header>\n<p><span class=\"strong black\">Fallout Exploit Kit releases Kraken Cryptor ransomware, giving the simple threat a much larger target pool.<\/span> <\/p>\n<p class=\"\">The Kraken Cryptor ransomware has been spotted in the Fallout Exploit Kit, resurfacing an old threat and hinting at the future of ransomware-as-a-service (RaaS).<\/p>\n<p>Kraken has had a &#8220;notable development path&#8221; over the past few months, report experts from McAfee&#8217;s Advanced Threat Research team and Recorded Future&#8217;s Insikt group, who collaborated on this analysis. Kraken\u00a0was spotted in mid-August on a Dark Web forum; in September, its developer disguised the ransomware as a security tool and put it on SuperAntiSpyware. When visitors tried to download legitimate antispyware software, they were infected.<\/p>\n<p>Kraken&#8217;s presence strengthened toward the end of September, when a security researcher found it bundled in the Fallout Exploit Kit, which is known for deploying <a href=\"https:\/\/www.darkreading.com\/endpoint\/gandcrab-ransomware-continues-to-evolve-but-cant-spread-via-smb-shares-yet\/d\/d-id\/1332296\" target=\"_blank\">Gandcrab<\/a> ransomware. Researchers found evidence of Kraken authors asking the Fallout team to add its malware. Their partnership gives Kraken a new vector for criminals to deliver the threat, they report.<\/p>\n<p>What&#8217;s interesting about Kraken, says Andrei Barysavich, director of advanced collection at Recorded Future,\u00a0is instead of adding complex features and functionality \u2013 such as customer support, chat, or live decryption of test files \u2013 its developers decided to stick with the basics. Kraken exclusively uses email to communicate with its affiliate members and its victims, which keeps things subtle.<\/p>\n<p>&#8220;This ransomware is very, very simple, which actually gives it a lot of resiliency when it comes to attempts to takedown from law enforcement or security researchers,&#8221; he explains. If you rely on email, he adds, there is only one single point of failure where an email can be confiscated or subpoenaed by law enforcement. A control panel, which is more advanced, would display Kraken&#8217;s victims, incoming and outgoing messages, and files uploaded.<\/p>\n<p>Kraken&#8217;s inclusion in the Fallout Exploit kit &#8220;is quite significant,&#8221; Barysavich says. The kit is fairly popular among cybercriminals, and several groups operate it. Exploit kits spread through coordinated campaigns, he adds, which would drastically increase the number of Kraken&#8217;s targets.<\/p>\n<p>&#8220;It is incredibly significant given the number of potentially exposed victims,&#8221; Barysavich says.<\/p>\n<p>Kraken made its Fallout debut with a Russian announcement that detailed its features: fully autonomous, collects system data as an encrypted message for reference, uses a hybrid combination of encryption algorithms, and makes it impossible to recover data without payment. It&#8217;s prohibited from being used in certain countries, including Russia, Ukraine, Iran, Armenia, Belarus, Estonia, Georgia, Latvia, Kazakhstan, Moldova, Turkmenistan, and Uzbekistan.<\/p>\n<p>John Fokker, head of cyber investigations at McAfee, calls Kraken one of the new and upcoming RaaS campaigns being launched.<\/p>\n<p>&#8220;In the initial underground postings, it looked as if Kraken was still figuring out its business model, but Kraken has evolved since then by partnering with other key cybercrime services and being very communicative in the underground scene,&#8221; he explains.<\/p>\n<p><strong>RaaS: When Families Work Together<br \/><\/strong>Like other ransomware families, Kraken is part of an affiliate program otherwise known as RaaS. Every 15 days, participants get a new Kraken build updated to keep it hidden from security tools. When a victim pays a ransom, the affiliate member sends a percentage to RaaS developers, who pass along a decryption key to send to the victim.<\/p>\n<p>The system ensures members pay the affiliate program and still make money themselves. Affiliates have to pay $50 and submit an application to be accepted in the program.<\/p>\n<p>Kraken&#8217;s developers released the second version of their affiliate program on Oct. 21, a sign the ransomware is proving popular. To drive customers, the authors created a video to showcase its capabilities, including the speed at which it can encrypt data. Kraken uses external tools, such as SDelete from the Sysinternals suite, to delete files and make file recovery tougher. It encrypts user files with a random name and sends a note demanding payment to get them back.<\/p>\n<p>While at first glance Kraken resembles some of the other RaaS families, underground forum discussions indicate it doesn&#8217;t seem to be from the aforementioned countries, Fokker says.<\/p>\n<p>&#8220;Also, the programming language and encryption scheme used isn&#8217;t typical for the larger, well-known ransomware families,&#8221; he explains. &#8220;It almost looks like they are imitating some of the bigger families.&#8221;<\/p>\n<p><strong>Who Released Kraken?<br \/><\/strong>While Fokker says researchers can&#8217;t yet share details on a specific group, they do believe the adversaries behind this are neither native English nor Russian-speaking. Based on the Russian language used in forum posts, it seems an automated translation service was used. While the\u00a0adversaries have a better grasp on English, they consistently make errors in sentence structure and spelling.<\/p>\n<p>Researchers note the person linked to Kraken (who operates under the apt username ThisWasKraken) uses a paid forum account. This is unusual \u2013 paid accounts are common on Dark Web forums, but\u00a0adversaries offering services like ransomware have typically earned the trust of high-level members and use free accounts. Paid members are more distrusted.<\/p>\n<p>ThisWasKraken messaged the operators behind the Fallout Exploit Kit to request permission to join. Researchers don&#8217;t think this user was directly involved in the development of the ransomware and has a more customer-facing role.<\/p>\n<p>Fokker believes this trend is one to watch. As actors turn cybercrime into a service, they make threats more broadly accessible to everyone. He advises businesses to back up their data, test backups, keep security tools up to date, deploy new patches, and raise security awareness.<\/p>\n<p>&#8220;Success creates success,&#8221; he explains. &#8220;As long as the new RaaS groups get enough room and safety to grow and optimize their operations, it will be a profitable market and attract new players on the market.&#8221;<\/p>\n<p><strong>Related Content:<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\" alt=\"\" width=\"468\" height=\"60\"\/><\/p>\n<p><em><strong>\u00a0<\/strong><\/em><\/p>\n<p><em><strong>Black Hat Europe returns to London Dec 3-6 2018\u00a0 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall.\u00a0<\/strong><\/em><em><strong>Click for information on the <a href=\"https:\/\/www.blackhat.com\/eu-18\/\" target=\"_blank\">conference<\/a>\u00a0and <a href=\"https:\/\/blackhat.tech.ubm.com\/europe\/2018\/?_mc=nlad_x_insecr_le_tsnr_insec_x_x-bht&amp;\" target=\"_blank\">to register.<\/a><\/strong><\/em><\/p>\n<p><span class=\"italic\">Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance &amp; Technology, where she covered financial &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=837\">View Full Bio<\/a><\/span> <\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p> Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/kraken-resurfaces-from-the-deep-web\/d\/d-id\/1333155?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fallout Exploit Kit releases Kraken Cryptor ransomware, giving the simple threat a much larger target pool. Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/kraken-resurfaces-from-the-deep-web\/d\/d-id\/1333155?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-17458","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Kraken Resurfaces From the Deep Web 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kraken Resurfaces From the Deep Web 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-10-30T21:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Kraken Resurfaces From the Deep Web\",\"datePublished\":\"2018-10-30T21:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/\"},\"wordCount\":1031,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/\",\"name\":\"Kraken Resurfaces From the Deep Web 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\",\"datePublished\":\"2018-10-30T21:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/kraken-resurfaces-from-the-deep-web\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kraken Resurfaces From the Deep Web\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Kraken Resurfaces From the Deep Web 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/","og_locale":"en_US","og_type":"article","og_title":"Kraken Resurfaces From the Deep Web 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-10-30T21:00:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Kraken Resurfaces From the Deep Web","datePublished":"2018-10-30T21:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/"},"wordCount":1031,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/","url":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/","name":"Kraken Resurfaces From the Deep Web 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","datePublished":"2018-10-30T21:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","contentUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/kraken-resurfaces-from-the-deep-web\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Kraken Resurfaces From the Deep Web"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/17458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=17458"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/17458\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=17458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=17458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=17458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}