Novel CatB ransomware analyzed

Newly emergent CatB ransomware has been leveraging DLL search order hijacking through Microsoft Distributed Transaction Coordinator (MSDTC) to bypass security systems and facilitate payload deployment, The Hacker News reports.
Believed to be an evolution of the Pandora ransomware attributed to the Chinese cyberespionage operation Bronze Starlight, CatB ransomware features a dropper with anti-analysis checks that ultimately abuses MSDTC to load the oci.dll payload carrying the ransomware strain, according to a SentinelOne report.
The report also showed that CatB ransomware can exfiltrate browser-stored passwords, history, and bookmarks, and that it forgoes the traditional ransom note in favor of messages written into the encrypted files themselves urging Bitcoin payments.
"CatB joins a long line of ransomware families that embrace semi-novel techniques and atypical behaviors such as appending notes to the head of files. These behaviors appear to be implemented in the interest of detection evasion and some level of anti-analysis trickery," said researcher Jim Walter.
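The MSDTC search-order hijack described above gives defenders a narrow, high-signal hunt: msdtc.exe loading an oci.dll that is unsigned or sits outside an analyst-approved directory. The following is an added illustration, not code from the SentinelOne report; it assumes Sysmon-style ImageLoad fields (Image, ImageLoaded, Signed) and runs over constructed sample events.

```python
"""Hunt for suspicious oci.dll loads by msdtc.exe in Sysmon-style ImageLoad records.

Added example; field names mirror Sysmon Event ID 7 (ImageLoad) but the events
below are constructed, not captured from a real host.
"""
from dataclasses import dataclass
import ntpath


@dataclass
class ImageLoad:
    host: str
    image: str         # loading process, e.g. C:\Windows\System32\msdtc.exe
    image_loaded: str  # full path of the DLL that was mapped
    signed: bool       # Sysmon "Signed" field


def is_msdtc_oci_load(ev: ImageLoad, allowed_oci_dirs=()) -> bool:
    """True when msdtc.exe maps an oci.dll that is unsigned or outside an
    analyst-supplied allowlist of directories (assumption: such a list exists
    for hosts that legitimately run an Oracle client)."""
    proc = ntpath.basename(ev.image).lower()
    dll = ntpath.basename(ev.image_loaded).lower()
    if proc != "msdtc.exe" or dll != "oci.dll":
        return False
    dll_dir = ntpath.dirname(ev.image_loaded).lower()
    allowed = {d.lower().rstrip("\\") for d in allowed_oci_dirs}
    # An unsigned oci.dll is suspicious regardless of location; a signed one is
    # only accepted from a directory the analyst has explicitly allowlisted.
    return (not ev.signed) or (dll_dir not in allowed)


def hunt(events, allowed_oci_dirs=()):
    """Return the events that match the msdtc.exe -> oci.dll hijack pattern."""
    return [e for e in events if is_msdtc_oci_load(e, allowed_oci_dirs)]


# Constructed sample telemetry (hostnames and paths are placeholders).
SAMPLE_EVENTS = [
    ImageLoad("ws01", r"C:\Windows\System32\msdtc.exe",
              r"C:\Windows\System32\oci.dll", signed=False),      # hit
    ImageLoad("ws01", r"C:\Windows\System32\msdtc.exe",
              r"C:\Windows\System32\msdtcprx.dll", signed=True),  # benign
    ImageLoad("db02", r"C:\Windows\System32\msdtc.exe",
              r"C:\oracle\client\oci.dll", signed=True),          # allowlisted
    ImageLoad("ws03", r"C:\Program Files\App\app.exe",
              r"C:\Program Files\App\oci.dll", signed=False),     # not msdtc
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS, allowed_oci_dirs=[r"C:\oracle\client"]):
        print(f"[{hit.host}] msdtc.exe loaded {hit.image_loaded} signed={hit.signed}")
```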