Recent intrusions by BlackByte 2.0 ransomware have been completed within a span of only five days, The Hacker News reports.
Threat actors used a range of tools and techniques to achieve the compressed attack timeline, first exploiting vulnerable Microsoft Exchange Servers to gain initial network access from which further malicious activity was carried out, according to a report from Microsoft's Incident Response team.
After encrypting data and evading detection through process hollowing and antivirus evasion, BlackByte 2.0 deploys web shells that provide remote access and control, allowing it to maintain a presence on the system.
Attackers were also observed using Cobalt Strike beacons for command-and-control, "living-off-the-land" tools, and modifications to volume shadow copies, before deploying backdoors to keep the compromise in place.
Microsoft recommends that organizations respond to such attacks by strengthening patch management policies so that security updates are applied promptly, and by enabling tamper protection to harden their security tooling against attack.
BlackByte ransomware hastens attacks