May 29, 2023

The US government has issued an alert about the Cuba ransomware gang that gains profits.

The threat actors have hit more than 100 organizations worldwide, demanding over $145 million in payments and successfully extorting at least $60 million since August.

Researchers identified possible links between Cuba ransomware criminals and their RomCom remote access trojan and Industrial Spy ransomware counterparts.

Advertisements

Cuba gang continues to target critical infrastructure sectors that include financial services, government, healthcare and public health, critical manufacturing, and IT.

Cuba ransomware tend to use known bugs in commercial software, phishing emails, compromised credentials, and remote desktop protocol tools to gain initial access to their victims’ networks. Once in, they distribute ransomware on compromised systems via Hancitor, a loader that can drop or execute other software nasties, including RATs.

This includes exploiting CVE-2022-24521 in the Windows CLFS driver to steal system tokens and elevate privileges. They also exploit CVE-2020-1472, aka ZeroLogon, to gain domain administrative privileges.

Tags:

Leave a Reply

You may have missed

CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
%d bloggers like this: