The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found.

The group has likely been prying open these chinks in victims’ armor as early as last August, Mandiant reported on Wednesday.

Mandiant, which tracks the threat actor as UNC2596, noted that the group deploys the COLDDRAW ransomware. In fact, Cuba may be the only group that uses COLDDRAW: At least, it’s the only threat actor using it among those tracked by Mandiant, “which may suggest it’s exclusively used by the group,” researchers said.

In a December flash alert, the FBI attributed a spate of attacks – on at least 49 U.S. entities in the financial, government, healthcare, manufacturing and information-technology sectors – to the group. At the time, the FBI noted that the Cuba ransomware is distributed using a first-stage implant that acts as a loader for follow-on payloads: the Hancitor malware, which has been around for at least five years. For what it’s worth, Mandiant hasn’t seen Cuba attacking hospitals or other entities that provide urgent care.

This isn’t the first time that Cuba has shown a taste for Exchange vulnerabilities, either. They’re just one way that Hancitor operators gain initial access to target machines: Other avenues include phishing emails, and the exploitation of compromised credentials or legitimate Remote Desktop Protocol (RDP) tools, according to the FBI’s December alert.

True to form, Mandiant observed the group “frequently” picking apart vulnerabilities on public-facing Microsoft Exchange infrastructure as an initial compromise vector. “The threat actors likely perform initial reconnaissance activities to identify internet-facing systems that may be vulnerable to exploitation,” researchers said. Next, Cuba deployed webshells to establish a foothold in the compromised network.
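The recon-then-webshell sequence described above leaves a trace that defenders can look for: a server-side page being requested on the Exchange front end that was never part of the install. The script below is an added illustration, not code from the article or from Mandiant; it parses IIS W3C log lines (constructed for this example) and flags requests for `.aspx` files under a few monitored virtual directories that are absent from a baseline list. The baseline set, the monitored directories and every host, IP and file name are assumptions; on a real server the baseline would be generated from a known-good installation rather than typed in.

```python
"""Triage IIS W3C logs from an Exchange front end for requests to server-side
pages that were not part of the baseline install.

Added example, not from the article. Log lines are constructed; the baseline
page list and monitored directories are assumptions for illustration.
"""
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Hit:
    time: str
    client_ip: str
    method: str
    path: str
    reason: str


# Assumed baseline: .aspx pages expected under the monitored directories.
# Anything else ending in .aspx under those directories is worth a look.
BASELINE_PAGES = {
    "/owa/auth/logon.aspx",
    "/owa/auth/logoff.aspx",
    "/owa/auth/errorfe.aspx",
    "/ecp/default.aspx",
}
MONITORED_DIRS = ("/owa/auth/", "/aspnet_client/", "/ecp/")

# Constructed sample log: one benign logon, two requests for pages that are
# not in the baseline (one of them a POST), and ordinary OWA browsing.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-08-20 10:01:02 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.7 Mozilla/5.0 200
2021-08-20 10:02:15 10.0.0.5 POST /owa/auth/supp0rt.aspx - 443 - 203.0.113.7 python-requests/2.25 200
2021-08-20 10:02:40 10.0.0.5 GET /aspnet_client/system_web/help.aspx - 443 - 203.0.113.7 python-requests/2.25 200
2021-08-20 10:03:00 10.0.0.5 GET /owa/ - 443 jdoe 192.0.2.10 Mozilla/5.0 200
2021-08-20 10:03:30 10.0.0.5 GET /owa/auth/15.1.2308/themes/resources/logo.png - 443 jdoe 192.0.2.10 Mozilla/5.0 200
"""


def parse_w3c(text):
    """Yield one dict per log row, using the #Fields directive for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split(" ")
        # Skip rows whose column count does not match, rather than mis-align them.
        if fields is None or len(parts) != len(fields):
            continue
        yield dict(zip(fields, parts))


def is_unexpected_page(path):
    """True if path is an .aspx under a monitored directory but not in the baseline."""
    norm = posixpath.normpath(path).lower()  # collapse ../ and case differences
    if not norm.endswith(".aspx"):
        return False
    if not norm.startswith(MONITORED_DIRS):
        return False
    return norm not in BASELINE_PAGES


def find_hits(text):
    """Return a Hit for every request to an unexpected page, in log order."""
    hits = []
    for row in parse_w3c(text):
        path = row["cs-uri-stem"]
        if is_unexpected_page(path):
            reason = "unexpected .aspx in monitored directory"
            if row["cs-method"].upper() == "POST":
                reason += " (POST)"
            hits.append(Hit(row["time"], row["c-ip"], row["cs-method"], path, reason))
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(f"{hit.time} {hit.client_ip} {hit.method} {hit.path}: {hit.reason}")
```

Run against the constructed sample, the script reports the two requests for pages outside the baseline and stays quiet on the legitimate logon page and static theme resources. Normalising the path before the lookup matters: a request written as `/owa/auth/../auth/x.aspx` or with different letter case still resolves to the same file on disk, so it should be judged by its normalised form.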