Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity
Cybersecurity researchers have uncovered further links between BlackCat and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year.
"At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool which has only been observed in BlackMatter activity," Kaspersky researchers said in a new analysis.
The findings come less than a month after Cisco Talos researchers identified overlaps in the tactics, techniques, and procedures between BlackCat and BlackMatter, describing the new ransomware variant as a case of "vertical business expansion."
BlackCat stands out for two reasons: it's an affiliate actor that has deployed BlackMatter in the past and its malware is written in Rust, indicating how threat actors are increasingly pivoting to programming languages with cross-compilation capabilities.
The group "provides infrastructure, malware samples, ransom negotiations, and probably cash-out," the researchers noted.
"This use of a modified Fendr, also known as ExMatter, represents a new data point connecting BlackCat with past BlackMatter activity," the researchers said.
News URL
https://thehackernews.com/2022/04/researchers-connect-blackcat-ransomware.html