LOCKBIT GREEN

RANSOMWARE

LOCKBIT GREEN is a ransomware group that primarily targets large enterprises and critical infrastructure sectors, though specific vendor products remain undisclosed. The group's initial access vector is not definitively known but shows a preference for exploiting vulnerabilities to gain entry into networks. Once inside, LOCKBIT GREEN employs double extortion tactics, encrypting data while also threatening to leak stolen information if ransom demands are not met. This approach leverages both the fear of operational disruption and reputational damage to pressure victims into paying. What sets LOCKBIT GREEN apart from other actors is its high reliance on critical vulnerabilities, suggesting a focus on impactful disruptions rather than widespread opportunistic attacks.

LOCKBIT GREEN's technical footprint highlights their strategic use of critical and high-severity vulnerabilities, with six CRITICAL CVEs indicating a preference for severe impact over volume. The group’s exploitation strategy likely involves targeted campaigns against specific organizations or industries where these vulnerabilities are prevalent. While the exact tools used by LOCKBIT GREEN remain unknown, the sophistication implied by their focus on critical vulnerabilities suggests they may employ advanced malware and lateral movement techniques. Defenders should prioritize patch management to address known CRITICAL CVEs and implement robust network segmentation to limit the spread of any initial breaches.

Predicted CVEs (15) CORRELATION

How does prediction work?

Predicted CVEs are identified through automated correlation using multiple sources: vendor/product profiles historically targeted by the group (MITRE ATT&CK), attack chain patterns (KEV + TTPs), threat intelligence (MISP, STIX), and AI analysis. These CVEs have not been confirmed as exploited by this specific group, but have a high probability of being targets based on the actor's operational profile.

CVE-2021-44228 CRITICAL Apache Software Foundation Apache Log4j2 high 10.0 CVE-2021-44228 CRITICAL Apache Software Foundation Apache Log4j2 predicted 10.0 CVE-2021-22986 CRITICAL F5 BIG-IP and BIG-IQ Centralized Management high 9.8 CVE-2023-27350 CRITICAL PaperCut NG predicted 9.8 CVE-2023-27350 CRITICAL PaperCut NG high 9.8 CVE-2025-10035 CRITICAL Fortra GoAnywhere MFT predicted 9.8 CVE-2021-22986 CRITICAL F5 BIG-IP and BIG-IQ Centralized Management predicted 9.8 CVE-2023-3519 CRITICAL Citrix NetScaler ADC predicted 9.8 CVE-2021-45046 CRITICAL Apache Software Foundation Apache Log4j predicted 9.0 CVE-2023-4966 HIGH Citrix NetScaler ADC predicted 7.5 CVE-2023-4966 HIGH Citrix NetScaler ADC high 7.5 CVE-2023-0669 HIGH Fortra Goanywhere MFT predicted 7.2 CVE-2023-0669 HIGH Fortra Goanywhere MFT high 7.2 CVE-2020-1472 MEDIUM Microsoft Windows Server version 2004 high 5.5 CVE-2020-1472 MEDIUM Microsoft Windows Server version 2004 predicted 5.5