Security News > 2022 > August > Hacker uses new RAT malware in Cuba Ransomware attacks
A member of the Cuba ransomware operation is employing previously unseen tactics, techniques, and procedures, including a novel RAT and a new local privilege escalation tool.
The threat actor was named 'Tropical Scorpius' by researchers at Palo Alto Networks Unit 42 and is likely an affiliate of the Cuba ransomware operation.
Tropical Scorpius marks a shift to new tactics, making the Cuba operation potentially more dangerous and intrusive.
Tropical Scorpius TTPs. The threat actor, Tropical Scorpius, uses the standard Cuba ransomware payload, which has remained largely unchanged since the operation launched in 2019.
Unit 42 noticed that Tropical Scorpius compiled a new version of ROMCOM and uploaded it for testing on VirusTotal on June 20, 2022, which pointed to the same C2 address.
The appearance of Tropical Scorpius and its new TTPs indicates that Cuba ransomware is evolving into a greater threat, even if the particular RaaS isn't the most prolific in terms of the number of victims.
News URL
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)