New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
2023-08-18 10:57

Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution.

"The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's threat intelligence team said in a series of posts on X. "This BlackCat version also has the RemCom hacktool embedded in the executable for remote code execution. The file also contains hardcoded compromised target credentials that actors use for lateral movement and further ransomware deployment."

Redmond said it started observing the new variant in attacks conducted by a BlackCat affiliate in July 2023.

"The BlackCat ransomware sample contains more than just ransomware functionality but can function as a 'toolkit,'" IBM Security X-Force noted in late May 2023.

According to Rapid7's Mid-Year Threat Review for 2023, BlackCat has been attributed to 212 out of a total of 1,500 ransomware attacks.

It's not just BlackCat: the Cuba ransomware threat group has also been observed using a comprehensive attack toolset encompassing BUGHATCH, a custom downloader; BURNTCIGAR, an antimalware killer; Wedgecut, a host enumeration utility; and the Metasploit and Cobalt Strike frameworks.


News URL

https://thehackernews.com/2023/08/new-blackcat-ransomware-variant-adopts.html