Microsoft Discloses New Version of BlackCat Ransomware

Microsoft has announced the discovery of a new version of the BlackCat ransomware that incorporates tools like Impacket and RemCom to facilitate lateral movement and remote code execution. The Impacket tool contains modules for credential dumping and remote service execution, which can be used for deploying the BlackCat ransomware in targeted environments. The BlackCat version also includes the RemCom hacktool for remote code execution and contains compromised target credentials for lateral movement and further deployment of the ransomware.

The BlackCat ransomware was first observed in attacks by a BlackCat affiliate in July 2023. The group behind it is a constantly evolving cybercrime operation: according to Rapid7’s Mid-Year Threat Review for 2023, 212 of the 1,500 ransomware attacks tracked were attributed to it. The group has also released a data leak API to increase the visibility of its attacks.

In addition to BlackCat, another threat group known as Cuba (aka COLDRAW) has been observed using an extensive attack toolset that includes BUGHATCH, BURNTCIGAR, Wedgecut, Metasploit, and Cobalt Strike frameworks. The group has incorporated modifications into BURNTCIGAR to terminate targeted processes and impede analysis.

Ransomware attacks have become more sophisticated and prevalent in the first half of 2023 compared to all of 2022, despite increased law enforcement efforts to dismantle these operations. Some groups have transitioned from encryption-based attacks to exfiltration and ransom, while others have resorted to triple extortion, which involves blackmailing victims’ employees or customers and launching DDoS attacks for additional pressure. Additionally, managed service providers (MSPs) have become targets for breaching corporate networks, as demonstrated by the Play ransomware campaign that targeted various industries and governmental entities.

Threat actors often abuse legitimate Remote Monitoring and Management (RMM) software used by service providers to gain direct access to customers’ environments. This allows them privileged access to networks and bypasses existing defenses. In response, the U.S. government has released a Cyber Defense Plan to mitigate threats to the RMM ecosystem.

Overall, ransomware attacks continue to pose a significant risk, and threat actors are constantly refining their tactics and toolsets to maximize their impact.

The post Microsoft Discloses New Version of BlackCat Ransomware appeared first on satProviders.