BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
Essential information
- Published
- 28/08/2024 14:04
- Modified
- 28/08/2024 14:35
- Tags
- 2024-08-28 CVE-2024-37085 authentication blackbytent byovd exbyte ransomware worm
- Related entities
- 4 observables, 1 intrusion sets (apt), 21 techniques (mitre), 2 malware, 3 others
Description
The BlackByte ransomware group continues leveraging established tactics and vulnerable drivers to bypass security controls, while also incorporating newly disclosed vulnerabilities and using stolen credentials for propagation. A new iteration of their encryptor appends the 'blackbytent_h' extension to encrypted files, drops four vulnerable drivers, and employs Active Directory credentials for self-propagation. The group appears more active than its data leak site suggests, rapidly adapting its techniques.