BlackCat Ransomware Gang Targets Unpatched Microsoft Exchange Servers

Share post:

BlackCat ransomware gang targets unpatched Microsoft Exchange Server to exploit vulnerabilities and to gain access to targeted networks.

According to the Microsoft 365 Defender Threat Intelligence Team, the attackers, after gaining an entry point, carried out a number of actions, including gathering information about the compromised machines, carrying out credentials thefts and lateral movement activities.

After carrying out the above actions, the attackers then went to harvest intellectual property, while dropping the ransomware payload.

In their analysis, the researchers pointed out how no two BlackCat ‘lives’ or deployment might look the same.

“In another incident we observed, we found that a ransomware affiliate gained initial access to the environment via an internet-facing Remote Desktop server using compromised credentials to sign in,” the researchers said.

Giving further details, Microsoft said that “two of the most prolific” affiliate threat groups associated with several ransomware families such as Hive, Conti, REvil and LockBit 2.0 are now spreading BlackCat.

“Detecting threats like BlackCat, while good, is no longer enough as human-operated ransomware continues to grow, evolve and adapt to the networks they’re deployed on the attackers they work for. These types or attacks continue to take advantage of an organization’s poor credential hygiene and legacy configurations or misconfigurations to succeed,” the researchers said.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways