Microsoft Threat Intelligence, the company’s cybersecurity arm, recently announced the discovery of a new strain of the infamous BlackCat ransomware variant.
In a thread posted on Twitter, the company said the new version comes with two new additions that help ransomware operators move laterally across compromised networks.
The two additions include the open-source communication framework tool Impacket, and the Remcom hacking tool.
Impacket and Remcom
Impacket has been described as an open-source collection of Python classes for working with network protocols, more commonly used as a post-exploitation toolkit by pentesters, red teamers, and cybercriminals, as it allows them to move laterally throughout the network, dump credentials from processes, perform NTLM relay attacks, and more.
With BlackCat, Impacket is being used to dump credentials and execute the encryptor code remotely.
The Remcom hacktool is also used for remote code execution and lateral movement, both facilitating encryptor deployment.
Microsoft doesn’t seem to be the first one to have stumbled upon this updated version of BlackCat. BleepingComputer says that VX-Underground reported on it in April this year. Citing a message BlackCat operators sent to its affiliates, the publication says the new version is called Sphynx:
“The code, including encryption, has been completely rewritten from scratch. By default all files are frozen. The main priority of this update was to optimize detection by AV/EDR,” the crooks said in their announcement.
BleepingComputer also saw a private Microsoft 365 Defender Threat Analytics advisory in which Microsoft said Storm-0875 started using Sphynx in July this year.
BlackCat is also known as ALPHV and was first launched in November 2021. It is widely considered as one of the most popular and most disruptive ransomware variants out there.
In more recent news, BlackCat was responsible for an attack against Reddit, one of the biggest online forums.
- Get a security boost and consider the best endpoint protection software
At TechRookies.com will strive to help turn Tech Rookies into Pros!
Want more articles click Here!
Deals on Homepage!
Subscribe to our newsletters. Here! On the homepage
Tech Rookies Music Here!
Disclaimer: I get commissions for purchases made through links in this post at no charge to you and thanks for supporting Tech Rookies.
Disclosure: Links contain affiliates. When you buy through one of our links we will receive a commission. This is at no cost to you. Thank you for supporting Teachrookies.com
Disclaimer: This article is for information purposes and should not be considered professional investment advice. It contains some forward-looking statements that should not be taken as indicators of future performance. Every investor has a different risk profile and goals. All investments have risks. Always do your own research or hire an expert before investing and trading.