Ransomware, Threat Management, Malware
Leaked LockBit, Babuk code leveraged by Buhti ransomware operation
BleepingComputer reports that Windows and Linux systems are being targeted by Blacktail's Buhti ransomware operation using leaked LockBit and Babuk ransomware source code.
Attacks by Blacktail on Windows systems involve the use of the Windows LockBit 3.0 builder that would prompt file encryption with the ".buthi" extension, while a Babuk source code-based payload has been leveraged in intrusions against Linux systems, according to a report from Symantec's Threat Hunter team.
Despite reusing leaked ransomware source code, Blacktail's Buhti operation has been leveraging its own Go-based exfiltration tool and network infiltration technique on top of exploiting the PaperCut NG and MF remote code execution vulnerability, tracked as CVE-2023-27350, and the IBM Aspera Faspex flaw, tracked as CVE-2022-47986, said researchers.
Organizations in the U.S., China, Belgium, India, Estonia, Switzerland, Spain, Germany, Ethiopia, and the U.K. have already been impacted by Buhti ransomware attacks, indicating the significant threat of the Blacktail operation, noted Kaspersky researcher Marc Rivero.
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds