Microsoft has identified a new version of the BlackCat ransomware, also known as ALPHV and Noberus, that comes equipped with tools like Impacket and RemCom to enhance lateral movement and remote code execution. The Impacket tool within this version of BlackCat enables credential dumping and remote service execution, providing a means for broader deployment of the ransomware in targeted environments.
Additionally, the RemCom hacktool is embedded in the executable, allowing for remote code execution and containing compromised target credentials for lateral movement and further ransomware deployment. The new variant of BlackCat was observed in attacks by a BlackCat affiliate in July 2023.
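The report above names the behaviour (remote service execution and lateral movement via Impacket-style tooling) but not how a defender would spot it. The following is an added detection example, not code from Microsoft's report or from the BlackCat/Impacket projects. It scores Windows "service was installed" events (System log, Event ID 7045) with three heuristics that, as an assumption based on commonly observed Impacket psexec/smbexec behaviour, characterise remote service execution: a service binary or output path on an administrative share, a service whose command line is a shell one-liner with output redirection, and an 8-letter random-looking service name. The event records, the allowlist and the host names are constructed for the example.

```python
import re

# Constructed sample events, shaped like parsed System-log records for Event ID 7045.
# The second and third records imitate Impacket smbexec- and psexec-style installs
# (assumption about those tools' typical patterns; not data from the report above).
SAMPLE_EVENTS = [
    {"event_id": 7045, "host": "ws01", "service_name": "Spooler",
     "image_path": r"C:\Windows\System32\spoolsv.exe", "account": "LocalSystem"},
    {"event_id": 7045, "host": "ws02", "service_name": "bXyqKzLm",
     "image_path": r"%COMSPEC% /Q /c echo whoami ^> \\127.0.0.1\C$\__1691234567.89 2^>^&1 "
                   r"> C:\Windows\Temp\execute.bat & C:\Windows\Temp\execute.bat "
                   r"& del C:\Windows\Temp\execute.bat",
     "account": "LocalSystem"},
    {"event_id": 7045, "host": "srv03", "service_name": "GtpXwRqZ",
     "image_path": r"\\srv03\ADMIN$\GtpXwRqZ.exe", "account": "LocalSystem"},
    {"event_id": 7045, "host": "ws04", "service_name": "MyBackupAgent",
     "image_path": r"C:\Program Files\Backup\agent.exe", "account": "LocalSystem"},
]

# A UNC path whose first component is an administrative share (ADMIN$, C$, IPC$).
ADMIN_SHARE_RE = re.compile(r"\\\\[^\\]+\\(ADMIN\$|C\$|IPC\$)", re.IGNORECASE)
# A service "binary" that is really a shell interpreter invocation.
SHELL_RE = re.compile(r"(%COMSPEC%|cmd\.exe)", re.IGNORECASE)
# Eight ASCII letters, the shape of an auto-generated service name.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z]{8}$")

# Constructed allowlist of service names known to be legitimate in this environment.
KNOWN_SERVICES = {"spooler", "mybackupagent"}


def score_event(event):
    """Return the list of reasons this service-install event looks like remote execution."""
    reasons = []
    if event.get("event_id") != 7045:
        return reasons  # only service-installation events are scored
    path = event["image_path"]
    name = event["service_name"]

    if ADMIN_SHARE_RE.search(path):
        reasons.append("service binary or output path points at an administrative share")

    # Shell one-liner with redirection: output written somewhere for later retrieval.
    if SHELL_RE.search(path) and ">" in path:
        reasons.append("service runs a shell one-liner with output redirection")

    looks_random = (RANDOM_NAME_RE.match(name) is not None
                    and re.search(r"[a-z]", name) and re.search(r"[A-Z]", name))
    if looks_random and name.lower() not in KNOWN_SERVICES:
        reasons.append("random-looking 8-letter service name")

    return reasons


def analyze(events):
    """Return one finding per suspicious event, in input order."""
    findings = []
    for event in events:
        reasons = score_event(event)
        if not reasons:
            continue
        findings.append({
            "host": event["host"],
            "service_name": event["service_name"],
            "reasons": reasons,
            # Two or more independent signals on one event is treated as high severity.
            "severity": "high" if len(reasons) >= 2 else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] {finding['host']} service={finding['service_name']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

In a real pipeline the records would come from forwarded System logs or an EDR event stream; the service-name heuristic on its own is noisy, which is why severity is raised only when a second signal (administrative share, shell redirection) corroborates it.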
This development follows IBM Security X-Force’s disclosure of an updated version of BlackCat called Sphynx in February 2023, which exhibited improved encryption speed and stealth capabilities. The ransomware appears to function as a toolkit rather than just ransomware, indicating a broader set of functionalities beyond encryption. The incorporation of Impacket tools in the BlackCat ransomware showcases the adaptability and evolving tactics of cyber threat actors. The ongoing efforts to refine and retool ransomware demonstrate the constant evolution in the cybersecurity landscape, as threat actors seek to enhance their methods and evade detection.