The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found. The group has likely been prying open these chinks in victims’ armor as early as last August, Mandiant reported on Wednesday.

Mandiant, which tracks the threat actor as UNC2596, noted that the group deploys the COLDDRAW ransomware. In fact, Cuba may be the only group that uses COLDDRAW: At least, it’s the only threat actor using it among those tracked by Mandiant, “which may suggest it’s exclusively used by the group,” researchers said.

In a December flash alert, the FBI attributed a spate of attacks – on at least 49 U.S. entities in the financial, government, healthcare, manufacturing and information-technology sectors – to the group. At the time, the FBI noted that the Cuba ransomware is distributed using a first-stage implant that acts as a loader for follow-on payloads: the Hancitor malware, which has been around for at least five years.

For what it’s worth, Mandiant hasn’t seen Cuba attacking hospitals or other entities that provide urgent care.