Safety researchers at Kaspersky have unveiled analysis into the actions of the infamous ransomware group often called Cuba. In accordance with a brand new advisory printed by Kaspersky earlier right this moment, the infamous cyber-criminal gang has been focusing on organizations worldwide, spanning numerous industries.
The technical write-up exhibits that in December 2022, Kaspersky detected a suspicious incident on a shopper’s system. This preliminary discovery unearthed three mysterious information that led to the activation of the komar65 library, additionally known as BUGHATCH.
BUGHATCH is a complicated backdoor that operates in course of reminiscence, connecting to a Command-and-Management (C2) server to obtain directions. This malware can obtain software program like Cobalt Strike Beacon and Metasploit, and its use of vulnerabilities within the Veeamp backup software program strongly suggests Cuba’s involvement.
Kaspersky’s investigation additionally revealed the presence of Russian-speaking members inside the group, indicated by references to the “komar” folder, which interprets to “mosquito” in Russian. The group has additional enhanced the malware’s capabilities with extra modules, together with one accountable for gathering and sending system data to a server by way of HTTP POST requests.
Moreover, Kaspersky found new malware samples attributed to Cuba on VirusTotal, a few of which had evaded detection by different safety distributors. These samples symbolize up to date variations of the BURNTCIGAR malware, incorporating encrypted knowledge to keep away from antivirus detection.
Learn extra on this exploit: Cuba Ransomware Group Steals Credentials By way of Veeam Exploit
Cuba, a single-file ransomware pressure, operates with out extra libraries, making it difficult to detect. This Russian-speaking group targets numerous industries throughout North America, Europe, Oceania and Asia, using each public and proprietary instruments. They frequently replace their toolkit and use techniques equivalent to BYOVD (Convey Your Personal Susceptible Driver). Notably, they manipulate compilation timestamps to mislead investigators.
Regardless of their extended presence within the cybersecurity highlight, Cuba stays dynamic and always refines its methods, together with knowledge encryption and tailor-made assaults to extract delicate data.
Within the report, Kaspersky emphasised the significance of staying knowledgeable and proactive towards evolving cyber-threats and inspired organizations to comply with greatest practices to safeguard towards ransomware.
“Our newest findings underscore the significance of entry to the most recent reviews and menace intelligence. As ransomware gangs like Cuba evolve and refine their techniques, staying forward of the curve is essential to successfully mitigate potential assaults,” defined Gleb Ivanov, a cybersecurity professional at Kaspersky.
“With the ever-changing panorama of cyber-threats, information is the last word protection towards rising cyber-criminals.”
