New Ransomware Group Uses Repurposed LockBit, Babuk Variants
1 min read
May 29, 2023
A new ransomware operation has been targeting Windows and Linux systems with a combination of payloads relying on leaked LockBit and Babuk code and custom-developed tools.
Researchers said the threat actor behind the campaign, Blacktail, hasn’t been linked to any existing cybercrime group. The group’s recent campaign, called Buhti, first was publicly exposed in February when security researchers found it targeting Linux systems. Researchers in a Thursday analysis found that the group was also targeting Windows systems and leveraging a new set of vulnerabilities for initial access.
“While the reuse of leaked payloads is often the hallmark of a less-skilled ransomware operation, Blacktail’s general competence in carrying out attacks, coupled with its ability to recognize the utility of newly discovered vulnerabilities, suggests that it is not to be underestimated,” said researchers.
The group has been exploiting vulnerabilities soon after they are disclosed, including a flaw in IBM’s Aspera Faspex file exchange application (CVE-2022-47986) and, more recently, a known bug in the popular PaperCut print management software (CVE-2023-27350) that enables bad actors to remotely execute code.
Related Articles
1 - 0 min read
Do I Need Antivirus as a Linux User?
1 - 0 min read
Top Reasons to Use Linux Over Windows
1 - 0 min read
2023’s Moments That Marked the Open-Source World
