Found 24 bookmarks
Custom sorting
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
In November 2023, we identified a BlackCat ransomware intrusion started by Nitrogen malware hosted on a website impersonating Advanced IP Scanner. Nitrogen was leveraged to deploy Sliver and Cobalt Strike beacons on the beachhead host and perform further malicious actions. The two post-exploitation frameworks were loaded in memory through Python scripts. After obtaining initial access and establishing further command and control connections, the threat actor enumerated the compromised network with the use of PowerSploit, SharpHound, and native Windows utilities. Impacket was employed to move laterally, after harvesting domain credentials. The threat actor deployed an opensource backup tool call Restic on a file server to exfiltrate share data to a remote server. Eight days after initial access the threat actor modified a privileged user password and deployed BlackCat ransomware across the domain using PsExec to execute a batch script. Six rules were added to our Private Ruleset related to this intrusion.
#thedfirreport#EN#2024#BlackCat#ransomware#Advanced-IP-Scanner
·thedfirreport.com·
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth
The U.S. State Department on Wednesday offered up to $10 million for information on the "Blackcat" ransomware gang who hit the UnitedHealth Group's tech unit and snarled insurance payments across America. "The ALPHV Blackcat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide," the department said in a statement announcing the reward offer.
#reuters#EN#2024#US#bounty#ALPHV#Blackcat
·reuters.com·
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth
Blackcat ransomware site reportedly seized but UK agency denies responsibility
Blackcat ransomware site reportedly seized but UK agency denies responsibility
website used by hackers responsible for a breach at UnitedHealth Group (UNH.N), opens new tab has been replaced by a notice saying it has been seized by international law enforcement. But at least one of the agencies allegedly responsible said it had nothing to do with the seizure, raising the possibility that the hackers - who also go by the moniker ALPHV - faked their own takedown. A message posted to the website of the Blackcat hacking gang on Tuesday said it had been impounded "as part of a coordinated law enforcement action" by U.S. authorities and other law enforcement agencies. Among the logos of non-American agencies involved were those of Europol and Britain's National Crime Agency.
#reuters#EN#2024#AlphV#UnitedHealth-Group#BlackCat#ransomware#UK#denies
·reuters.com·
Blackcat ransomware site reportedly seized but UK agency denies responsibility
BlackCat Ransomware Affiliate TTPs
BlackCat Ransomware Affiliate TTPs
This blog post provides a detailed look at the TTPs of a ransomware affiliate operator. In this case, the endpoint had been moved to another infrastructure (as illustrated by various command lines, and confirmed by the partner), so while Huntress SOC analysts reported the activity to the partner, no Huntress customer was impacted by the ransomware deployment.
#huntress#EN#2024#BlackCat#Ransomware#TTPs#ScreenConnect
·huntress.com·
BlackCat Ransomware Affiliate TTPs
Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice
Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice
The Justice Department announced today a disruption campaign against the Blackcat ransomware group — also known as ALPHV or Noberus — that has targeted the computer networks of more than 1,000 victims and caused harm around the world since its inception, including networks that support U.S. critical infrastructure.
#justice.gov#EN#2023#ALPHV#Blackcat#ransomware#group#Disrupts#announce
·justice.gov·
Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice
Not so lucky: BlackCat is back!
Not so lucky: BlackCat is back!
While the main trend in the cyber threat landscape in recent months has been MoveIt and Cl0p, NCC Groups’ Cyber Incident Response Team have also been handling multiple different ransomware groups over the same period. In the ever-evolving cybersecurity landscape, one consistent trend witnessed in recent years is the unsettling rise in ransomware attacks. These nefarious acts of digital extortion have left countless victims scrambling to safeguard their data, resources, and even their livelihoods. To counter this threat, every person in the cyber security theatre has a responsibility to shine light on current threat actor Tactics, Techniques and Procedures (TTP’S) to assist in improving defences and the overall threat landscape.
#nccgroup#EN#2023#TTP#BlackCat#D0nut#Medusa#NoEscape
·research.nccgroup.com·
Not so lucky: BlackCat is back!
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.
#trendmicro#EN#2023#malware#endpoints#BlackCat#WinSCP#report#SpyBoy#GoogleAds
·trendmicro.com·
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
Alphv-BlackCat non è più solo darkweb, pubblica anche su Internet "in chiaro"
Alphv-BlackCat non è più solo darkweb, pubblica anche su Internet "in chiaro"
La nuova funzione implementata ieri da BlackCat, esporrà le vittime colpite anche su Internet, con una diffusione più massiccia e pubblica dei dati rubati, con nome di dominio autentico intestato alla vittima stessa
#insicurezzadigitale#IT#2022#BlackCat#Alphv#ransomware#pubblica#Alphv-BlackCat#Internet
·insicurezzadigitale.com·
Alphv-BlackCat non è più solo darkweb, pubblica anche su Internet "in chiaro"
Alphv-BlackCat non è più solo darkweb, pubblica anche su Internet "in chiaro"
Alphv-BlackCat non è più solo darkweb, pubblica anche su Internet "in chiaro"
La nuova funzione implementata ieri da BlackCat, esporrà le vittime colpite anche su Internet, con una diffusione più massiccia e pubblica dei dati rubati, con nome di dominio autentico intestato alla vittima stessa
#insicurezzadigitale#IT#2022#BlackCat#Alphv#ransomware#pubblica#Alphv-BlackCat#Internet
·insicurezzadigitale.com·
Alphv-BlackCat non è più solo darkweb, pubblica anche su Internet "in chiaro"
Alphv-BlackCat non è più solo darkweb, pubblica anche su Internet "in chiaro"
Alphv-BlackCat non è più solo darkweb, pubblica anche su Internet "in chiaro"
La nuova funzione implementata ieri da BlackCat, esporrà le vittime colpite anche su Internet, con una diffusione più massiccia e pubblica dei dati rubati, con nome di dominio autentico intestato alla vittima stessa
#insicurezzadigitale#IT#2022#BlackCat#Alphv#ransomware#pubblica#Alphv-BlackCat#Internet
·insicurezzadigitale.com·
Alphv-BlackCat non è più solo darkweb, pubblica anche su Internet "in chiaro"