BlackSuit Ransomware
Essential information
- Published: 27/08/2024 08:35
- Modified: 27/08/2024 09:06
- Tags: 2024-08-27, blacksuit, cobalt strike, cobaltstrike, credential access, discovery, get-datainfo.ps1, lateral movement, ransomware, rubeus, sharphound, systembc
- Related entities: 16 observables, 25 techniques (mitre), 6 malware
Description
The report meticulously chronicles a sophisticated intrusion that began in December 2023 and culminated in the deployment of BlackSuit ransomware approximately 15 days later. The threat actor demonstrated an array of tactics, leveraging tools such as Cobalt Strike, Sharphound, and SystemBC alongside built-in Windows utilities to establish a persistent foothold, exfiltrate data, and ultimately encrypt systems for financial gain. The investigation revealed the use of several evasion techniques, including process injection, proxy servers, and malleable command-and-control infrastructure, highlighting the actor's determination to avoid detection.