
A Hybrid Approach with Data Exfiltration and Encryption

Published 12/07/2025 09:21 · Modified 14/07/2025 11:09


Essential information

Tags
2025-07-12, blacksuit, cobalt strike, data exfiltration, encryption, ransomware, rclone
Related entities
1 intrusion set (APT), 8 techniques (MITRE), 2 malware

Description

The BlackSuit group, believed to be a rebrand of Royal, has emerged as a significant threat to organizations. This sophisticated attack combines data exfiltration and encryption, using Cobalt Strike for command and control, Rclone for data exfiltration, and the BlackSuit ransomware for file encryption. The group's tactics include lateral movement through RDP, SMB, and PsExec, credential dumping, and deletion of shadow copies. Notably, the ransomware accepts a -nomutex flag, which allows multiple instances to run concurrently on the same host. The attack flow involves initial access, lateral movement, data exfiltration, partial encryption, and ransom demands ranging from $1 million to $10 million USD in Bitcoin. This hybrid approach highlights the evolving nature of ransomware threats and the need for robust security measures.

External references