216.73.216.86

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms

· Published 07/07/2025 11:58 · Modified 13/07/2025 09:39

Export JSON

Essential information

Published
07/07/2025 11:58
Modified
13/07/2025 09:39
Tags
2025-07-07 asia bert encryption esxi europe linux powershell ransomware windows
Related entities
9 observables, 1 intrusion sets (apt), 9 techniques (mitre), 1 malware, 2 others

Description

A newly emerged group called has been targeting organizations across and since April. The group employs simple code with effective execution, impacting sectors such as healthcare, technology, and event services. 's operates on both and platforms, using -based loaders, privilege escalation, and concurrent file . On systems, it can support up to 50 threads for fast and forcibly shut down virtual machines. The group's tactics include disabling security features, terminating specific processes, and using standard algorithms. 's variants have evolved, streamlining their process and expanding their targeting activities. The variant shows similarities to the REvil , suggesting possible code reuse.

External references