216.73.217.126

BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

· Published 28/08/2024 14:04 · Modified 28/08/2024 14:35

Export JSON

Essential information

Published
28/08/2024 14:04
Modified
28/08/2024 14:35
Tags
2024-08-28 CVE-2024-37085 authentication blackbytent byovd exbyte ransomware worm
Related entities
4 observables, 1 intrusion sets (apt), 21 techniques (mitre), 2 malware, 3 others

Description

The BlackByte group continues leveraging established tactics and vulnerable drivers to bypass security controls, while also incorporating newly disclosed vulnerabilities and using stolen credentials for propagation. A new iteration of their encryptor appends the 'blackbytent_h' extension to encrypted files, drops four vulnerable drivers, and employs Active Directory credentials for self-propagation. The group appears more active than its data leak site suggests, rapidly adapting its techniques.

External references