The Remcom and Impacket tools do exactly what they were built for, making it much easier for attackers to move laterally through victim networks.
Microsoft is warning of a new version of the Sphynx ransomware developed and maintained by BlackCat (aka ALPHV), one of the most dangerous ransomware groups in the world. The new version bundles the Impacket and Remcom network tools, which give attackers the ability to spread the ransomware quickly throughout a compromised corporate network.
The Sphynx ransomware originally appeared in February of this year and was then updated in April. The goal of that update was to improve evasion of antivirus detection and to completely redesign the encryption code.
Shortly thereafter, IBM Security X-Force experts conducted a detailed analysis of the new ransomware and warned that it had, in fact, turned into a full-fledged tool for cyber attacks.
This conclusion was drawn after the discovery of the Impacket network utility in the program's code. Impacket is often used by attackers to escalate privileges and move laterally through compromised networks.
In a recent series of blog posts, the Microsoft Threat Intelligence team analyzed a more recent version of Sphynx. The researchers confirm that the attackers are indeed using the Impacket toolkit, which allows them to quickly navigate the victim's network and distribute the ransomware to other devices.
Impacket is described as a collection of open-source Python classes for working with network protocols. In practice, however, the toolkit is most often used by pentesters and cybercriminals to move laterally through a network after gaining initial access. Impacket can also be used to obtain elevated privileges on a system, intercept NTLM authentication, create remote shells, and much more.
In addition to Impacket, the Remcom tool has also been added to the latest version of Sphynx. It is a lightweight remote shell that is used to run commands on other computers on the victim's network.
Turning the BlackCat ransomware into a full-fledged post-exploitation tool allows attackers to launch attacks much faster and cover as many devices as possible on the network of the victim organization. Such innovations seriously complicate the task of cyber defense for security professionals.
BlackCat operators have always been considered one of the most technologically advanced criminal gangs. They are constantly developing their tools and tactics for carrying out attacks. And the recent Sphynx update is just another confirmation of this.
Companies should be on the lookout and take measures to detect potential compromises in a timely manner, as well as quickly block the threat from spreading through the internal network.
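As an added illustration of the kind of timely detection this paragraph calls for (example code written for this page, not from Microsoft, IBM X-Force or either tool's project), the script below runs a few rules over constructed Windows telemetry: System event 7045 (service installed) and Sysmon events 1 (process create) and 17 (named pipe created). The rules key on well-known artefacts of Remcom (its RemComSvc service and RemCom_communicaton pipe) and of Impacket's smbexec/wmiexec remote-execution helpers; the event dicts, host names and the field layout are assumptions for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample telemetry (not from the article), already parsed into
# dicts with the usual field names of the respective Windows/Sysmon events.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 7045, "Computer": "WS01", "ServiceName": "RemComSvc",
     "ImagePath": r"%SystemRoot%\RemComSvc.exe"},
    {"EventID": 17, "Computer": "WS01", "PipeName": r"\RemCom_communicaton"},
    {"EventID": 7045, "Computer": "WS02", "ServiceName": "xkQzL",
     "ImagePath": r"%COMSPEC% /Q /c echo dir ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat"},
    {"EventID": 1, "Computer": "WS03", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1692000000.12 2>&1"},
    {"EventID": 7045, "Computer": "WS04", "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},  # benign control
]

# (rule name, event id, field to inspect, pattern). Remcom installs a service
# named RemComSvc and talks over the RemCom_communicaton pipe; Impacket's
# smbexec runs commands via a service whose image path is a %COMSPEC% echo
# redirected to a loopback share, and wmiexec redirects output to ADMIN$\__.
RULES: List[Tuple[str, int, str, "re.Pattern[str]"]] = [
    ("remcom_service_install", 7045, "ImagePath", re.compile(r"RemComSvc", re.I)),
    ("remcom_named_pipe", 17, "PipeName", re.compile(r"RemCom_communicaton", re.I)),
    ("impacket_smbexec_service", 7045, "ImagePath",
     re.compile(r"%COMSPEC%.*echo.*\\\\127\.0\.0\.1\\", re.I)),
    ("impacket_wmiexec_cmdline", 1, "CommandLine",
     re.compile(r"cmd\.exe /Q /c .*1> \\\\127\.0\.0\.1\\ADMIN\$\\__", re.I)),
]


def detect(events: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Return (host, rule) pairs for every event that matches a rule."""
    alerts: List[Tuple[str, str]] = []
    for ev in events:
        for name, event_id, field, pattern in RULES:
            if ev.get("EventID") == event_id and pattern.search(str(ev.get(field, ""))):
                alerts.append((str(ev["Computer"]), name))
    return alerts


def hosts_to_isolate(events: List[Dict[str, object]]) -> List[str]:
    """Hosts with at least one hit: candidates for network containment."""
    return sorted({host for host, _ in detect(events)})


if __name__ == "__main__":
    for host, rule in detect(SAMPLE_EVENTS):
        print(f"{host}: {rule}")
    print("isolate:", hosts_to_isolate(SAMPLE_EVENTS))
```

In a real deployment these rules would run over a SIEM's 7045 and Sysmon feeds; the loopback-share and RemComSvc patterns are rarely seen in legitimate administration, so hits warrant immediate triage and containment of the affected host.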