Rapid7 found notable similarities between BlackHunt ransomware and LockBit, which suggested that it uses leaked code of Lockbit. In addition, it uses some techniques similar to REvil ransomware. Rapid7 provided a technical analysis of a BlackHunt sample, describing functionalities and MITRE ATT&CK techniques. IOC provided.
🔗 https://www.rapid7.com/blog/post/2024/02/05/exploring-the-not-so-secret-code-of-blackhunt-ransomware-2/
🛡️ Australia, the U.K., and the U.S. unite to sanction Russian #REvil hacker tied to the Medibank data breach, exposing sensitive #healthcare data of millions.
Ending the mini-series that covers the Cisco Talos Intelligence Group's Year In Review report, we will be diving into the MITRE ATT&CK Technique T1068, Exploitation for Privilege Escalation. This technique falls under the Tactic of Privilege Escalation (TA0004) and has no sub-techniques. This technique can be seen when adversaries "exploit software vulnerabilities in an attempt to elevate privileges" (https://attack.mitre.org/techniques/T1068/) and has been used by groups like #ScatteredSpider and seen in the #Stuxnet malware.
IN another example, the #REvil ransomware-as-a-service group used this technique when they targeted the Microsoft Windows Malware Protection Engine and abused it by side-loading a DLL that executed the ransomware. Of course, I can't leave you empty handed, so here is the Community Hunt Package that you can use to hunt for that activity!