The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems.

"While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer designed to search for and archive specified file types," Symantec said in a report shared with The Hacker News. The cybersecurity firm is tracking the cybercrime group under the name Blacktail.

Buhti was first highlighted by Palo Alto Networks Unit 42 in February 2023, describing it as a Golang ransomware targeting the Linux platform. Later that same month, Bitdefender revealed the use of a Windows variant that was deployed against Zoho ManageEngine products that were vulnerable to critical remote code execution flaws (CVE-2022-47966).

The operators have since been observed swiftly exploiting other severe bugs impacting IBM's Aspera Faspex file exchange application (CVE-2022-47986) and PaperCut (CVE-2023-27350) to drop the ransomware.