BlackCat gang wields a new weapon to target cloud storage
The BlackCat ransomware gang is now using the Sphynx encryptor to target Azure cloud storage. The Sphynx variant was discovered in March this year in an investigation of a data breach that shared similarities with another attack described in an IBM X-Force report.
BlackCat continues to be one of the most high-profile, sophisticated threat actor groups, owing to the gang’s ability to continuously refine and adapt its tactics.
Bumblebee returns with a transformed strategy
After two months of inactivity, malware loader Bumblebee has returned to abuse WebDAV services. WebDAV is an HTTP extension that enables creating, updating, accessing, and deleting web server content, and abuse of this extension allows threat actors to perform these functions on infected devices.
Threat actors employ new espionage malware
Espionage-focused hacker group Earth Lusca continues to target government agencies in multiple countries and is now using a Linux backdoor malware variant called SprySOCKS.
The variant shares characteristics with RedLeaves, a Windows backdoor, and with Derusbi, a Linux malware family. Among other capabilities, SprySOCKS enables its operators to collect system information, list network connections, and perform basic file operations, such as renaming, listing, deleting, and creating directories.