
Microsoft discovered a new version of the BlackCat ransomware that embeds the Impacket networking framework and the Remcom hacking tool.

The embedded tooling allows the ransomware to spread laterally across a breached network from the encryptor binary itself, rather than relying on separately dropped tools.

In April, the malware research group VX-Underground tweeted about a new BlackCat/ALPHV encryptor version called Sphynx.

BlackCat's operators recently announced that testing of the new Sphynx version was complete. According to that announcement, the code, including the encryption routines, was rewritten from scratch with a focus on evading detection by antivirus and endpoint detection and response (EDR) products.

IBM Security X-Force's in-depth analysis of the BlackCat encryptor found that it had evolved into a toolkit; strings in the executable indicated that Impacket was bundled inside it.

Impacket is an open-source collection of Python classes for working with network protocols such as SMB, MSRPC and Kerberos. Typically used by penetration testers and red teamers, it has also been adopted by threat actors for post-exploitation tasks such as remote command execution (its psexec, smbexec and wmiexec scripts), credential dumping (secretsdump), NTLM relay attacks (ntlmrelayx), and more.

Additionally, the BlackCat encryptor incorporates RemCom, an open-source psexec-style remote shell that installs a service on a target host and uses it to execute commands on other devices within the network. Microsoft says the new encryptor variant, BlackCat 3.0, has been used by the BlackCat affiliate tracked as Storm-0875 since July 2023.
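Because the Impacket scripts and RemCom described above leave distinctive host artifacts when they execute commands remotely, a defender's first move is usually to hunt for those artifacts in process-creation, service-install and named-pipe telemetry. The scanner below is an added example, not code from the article, Microsoft or IBM. The patterns are the defaults in the public Impacket (wmiexec.py, smbexec.py) and RemCom sources as understood here and are an assumption to verify against the build you face; the event records are constructed for the demo, not real captures.

```python
"""
Added example (not from the article): flag the default host artifacts of
Impacket's wmiexec/smbexec and of RemCom in a batch of endpoint events.
Patterns are taken from the public tool sources as understood here
(assumption: verify against the build you are facing; they are easy to change).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    source: str   # "process" (Sysmon 1 / Security 4688), "service" (System 7045), "pipe" (Sysmon 17/18)
    host: str
    detail: str   # CommandLine, "<ServiceName>: <ImagePath>", or PipeName


# (rule name, event source it applies to, pattern)
RULES = [
    # wmiexec.py default: "cmd.exe /Q /c <cmd> 1> \\127.0.0.1\ADMIN$\__<unix-time> 2>&1"
    ("impacket-wmiexec", "process",
     re.compile(r"cmd\.exe\s+/Q\s+/c\s+.+?\s+1>\s*\\\\127\.0\.0\.1\\ADMIN\$\\__\d+", re.I)),
    # smbexec.py default: the installed service's ImagePath echoes the command into
    # %TEMP%\execute.bat, runs it, and redirects output to \\127.0.0.1\C$\__output
    ("impacket-smbexec", "service",
     re.compile(r"%COMSPEC%\s+/Q\s+/c\s+echo\s+.+?\^>\s*\\\\127\.0\.0\.1\\C\$\\__output.*?execute\.bat", re.I)),
    # RemCom installs a service named RemComSvc that runs RemComSvc.exe ...
    ("remcom-service", "service",
     re.compile(r"\bRemComSvc(\.exe)?\b", re.I)),
    # ... and talks to it over named pipes RemCom_communicaton / RemCom_std{in,out,err}
    # (the missing "i" in "communicaton" is how the RemCom source spells it; assumption)
    ("remcom-pipe", "pipe",
     re.compile(r"\\RemCom_(communicaton|stdin|stdout|stderr)", re.I)),
]


def match_event(ev: Event) -> list[str]:
    """Return the names of every rule the event triggers (empty list if benign)."""
    return [name for name, source, pat in RULES
            if source == ev.source and pat.search(ev.detail)]


def scan(events: list[Event]) -> list[tuple[str, str, str]]:
    """Run all rules over a batch of events; return one (host, rule, detail) per hit."""
    hits = []
    for ev in events:
        for rule in match_event(ev):
            hits.append((ev.host, rule, ev.detail))
    return hits


# Constructed sample telemetry (not real captures): benign events mixed with
# one artifact of each tool, in the order wmiexec, smbexec, RemCom service, RemCom pipe.
SAMPLE_EVENTS = [
    Event("process", "FS01", r"C:\Windows\system32\svchost.exe -k netsvcs -p"),
    Event("process", "FS01", r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1692011223.5 2>&1"),
    Event("service", "FS01", r"Spooler: C:\Windows\System32\spoolsv.exe"),
    Event("service", "FS02", r"BTOBTO: %COMSPEC% /Q /c echo whoami ^> \\127.0.0.1\C$\__output 2^>^&1 "
                             r"> %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat"),
    Event("service", "FS03", r"RemComSvc: %SystemRoot%\RemComSvc.exe"),
    Event("pipe", "FS03", r"\lsass"),
    Event("pipe", "FS03", r"\RemCom_communicaton"),
]

if __name__ == "__main__":
    for host, rule, detail in scan(SAMPLE_EVENTS):
        print(f"{host}: {rule}: {detail}")
```

These strings are the tools' defaults, and an operator who recompiles or patches the embedded copies (as a ransomware developer bundling them into an encryptor easily can) will change them. Treat string matches as a cheap first pass and pair them with behavioural rules that survive renaming: WmiPrvSE.exe spawning cmd.exe, 7045 service installs whose ImagePath points at an ADMIN$ or C$ share or at %COMSPEC%, and named pipes created by binaries that are not known pipe servers.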

The BlackCat gang, also known as ALPHV, emerged in November 2021 and is believed to be a rebranding of the DarkSide/BlackMatter group responsible for the Colonial Pipeline attack. The BlackCat gang is considered one of the most advanced and top-tier ransomware operations, continuously evolving its tactics. 

The group has also built a data leak API to disseminate stolen data more quickly. With the encryptor evolving from a standalone file-encryption payload into a full-fledged post-exploitation toolkit, affiliates can move laterally and deploy encryption across the network from a single binary. These new capabilities pose challenges for defenders as they strive to detect and mitigate ransomware attacks effectively.

Want your digital assets to be protected? 

CyberShelter provides innovative, modern cybersecurity products and niche services that protect individuals and organizations against all kinds of cyber threats.
