New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware (Security News, February 2023)
Threat actors are promoting a new 'Exfiltrator-22' post-exploitation framework designed to spread ransomware in corporate networks while evading detection.
Threat analysts at CYFIRMA claim that this new framework was created by former LockBit 3.0 affiliates who are experts in anti-analysis and defense evasion, offering a robust solution in exchange for a subscription fee.
Buyers of the framework are given an admin panel hosted on a bulletproof VPS, from which they can control the framework's malware and issue commands to compromised systems.
By the end of the year, the threat actors announced new features that helped conceal traffic on compromised devices, indicating that the framework was under active development.
Through the service's web panel, cybercriminals can also set scheduled tasks, update agents to a new version, change a campaign's configuration, or create new campaigns.
The CYFIRMA team has found evidence that LockBit 3.0 affiliates or members of the ransomware operation's development team are behind EX-22.