October 3, 2023

Security researchers have identified a new variant of the BlackCat ransomware that uses an open-source communication framework tool to facilitate lateral movement in target environments.

BlackCat is a Russian-speaking criminal group suspected of being a successor to DarkSide and BlackMatter, with ties to former REvil members.

Microsoft has revealed that the updated cryptoware incorporates the Impacket networking framework and the RemCom hacking tool, and that the variant was being used by a BlackCat affiliate in July 2023.


Impacket is an open-source collection of modules designed for network penetration testing, security assessments and related research purposes. Microsoft said BlackCat is using Impacket’s credential dumping and remote service execution modules to deploy the ransomware in target environments.

The RemCom tool allows for remote code execution. It is embedded in the ransomware together with usernames and passwords that have already been set up, and allows the attackers to spread the ransomware to other computers in the network and lock up more files for ransom.
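As an added illustration from the detection side (not from the page or from Microsoft's report), the following Python applies a few heuristics to the service-install events that Impacket's remote service execution modules and RemCom leave in the Windows System log. The tool-specific names and patterns are the editor's assumptions drawn from the public tool sources, and the sample events are constructed.

```python
import re

# Constructed sample entries modelled on Windows System log Event ID 7045
# ("A service was installed in the system"); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "service": "RemComSvc",
     "image": r"%SystemRoot%\RemComSvc.exe"},
    {"host": "ws02", "service": "BTOBTO",
     "image": r"%COMSPEC% /Q /c echo whoami ^> \\127.0.0.1\C$\__output 2^>^&1"},
    {"host": "ws03", "service": "kJqW",
     "image": r"%SystemRoot%\hRtXbGpq.exe"},
    {"host": "ws04", "service": "Spooler",
     "image": r"%SystemRoot%\System32\spoolsv.exe"},
]

# Heuristics (editor's assumptions, taken from the public tool sources):
#  - RemCom installs a service named RemComSvc.
#  - Impacket smbexec.py defaults to the service name BTOBTO and an ImagePath
#    that echoes command output to \\127.0.0.1\C$\__output.
#  - Impacket psexec.py (built on RemCom) registers a service with a short
#    random name whose binary is dropped into ADMIN$ under a random name.
RANDOM_SVC = re.compile(r"^[A-Za-z]{4}$")
RANDOM_EXE = re.compile(r"\\[A-Za-z]{8}\.exe$")
SMBEXEC_OUTPUT = re.compile(r"\\\\127\.0\.0\.1\\C\$\\__output", re.IGNORECASE)


def classify(event):
    """Return a short label for a 7045 event, or None if it looks benign."""
    name, image = event["service"], event["image"]
    if name.lower() == "remcomsvc":
        return "remcom-service"
    if name == "BTOBTO" or SMBEXEC_OUTPUT.search(image):
        return "impacket-smbexec"
    if RANDOM_SVC.match(name) and RANDOM_EXE.search(image):
        return "impacket-psexec-style"
    return None


def scan(events):
    """Map host -> label for every event that matches a heuristic."""
    return {e["host"]: label for e in events if (label := classify(e))}


if __name__ == "__main__":
    for host, label in scan(SAMPLE_EVENTS).items():
        print(f"{host}: {label}")
```

These name-based checks are a starting point only: an operator can rename the service and binary, so correlating 7045 events with the SMB logon (Event 4624, logon type 3) that preceded them is the more durable signal.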

VX-underground reported in April that an updated version of the BlackCat ransomware called Sphynx had brought improvements in encryption speed and stealthiness.

In 2022, the US CISA published an advisory warning that Impacket was being used to steal sensitive information from a defense industrial base organization.
