October 3, 2023

Security researchers froidentified a new variant of BlackCat ransomware malware that uses an open-source communication framework tool to facilitate lateral movement in target environments.

BlackCat is a Russian-speaking criminal group suspected of being a successor to DarkSide and BlackMatter, with ties to former REvil members.

Microsoft has revealed that the updated cryptoware incorporates the Impacket networking framework and the RemCom hacking tool being used by a BlackCat affiliate in July 2023.


Impacket is an open-source collection of modules designed for network penetration testing, security assessments and related research purposes. Microsoft said BlackCat is using Impacket’s credential dumping and remote service execution modules to deploy malware ransomware in target environments.

The RemCom tool allows for remote code execution. It is embedded in the ransomware usernames and passwords already set up and allows them to spread the ransomware to other computers in the network and lock up more files for ransom.

VX-underground reported in April that an updated version of the BlackCat ransomware called Sphynx had brought improvements in encryption speed and stealthiness.

The US CISA published an advisory in 2022 warned of Impacket being used to steal sensitive information from a defense industrial base organization.

Leave a Reply

%d bloggers like this: