New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware (February 2023)
Threat actors are promoting a new 'Exfiltrator-22' post-exploitation framework designed to spread ransomware in corporate networks while evading detection.
Threat analysts at CYFIRMA claim that this new framework was created by former LockBit 3.0 affiliates who are experts in anti-analysis and defense evasion, offering a robust solution in exchange for a subscription fee.
Buyers of the framework are given an admin panel hosted on a bulletproof VPS, from which they can control the framework's malware and issue commands to compromised systems.
By the end of the year, the threat actors announced new features that helped conceal traffic on compromised devices, indicating that the framework was under active development.
Through the service's web panel, cybercriminals can also set scheduled tasks, update agents to a new version, change a campaign's configuration, or create new campaigns.
The CYFIRMA team has found evidence that LockBit 3.0 affiliates or members of the ransomware operation's development team are behind EX-22.