BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
The BlackByte ransomware group continues leveraging established tactics and vulnerable drivers to bypass security controls, while also incorporating newly disclosed vulnerabilities and using stolen credentials for propagation. A new iteration of their encryptor appends the 'blackbytent_h' extension to encrypted files, drops four vulnerable drivers, and employs Active Directory credentials for self-propagation. The group appears more active than its data leak site suggests, rapidly adapting its techniques.
OPENCTI LABELS :
ransomware,byovd,worm,authentication,exbyte,blackbytent,cve-2024-37085