1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft Exchange servers targeted with Cuba ransomware

    From TechnologyDaily@1337:1/100 to All on Fri Feb 25 15:30:04 2022
    Microsoft Exchange servers targeted with Cuba ransomware

    Date:
    Fri, 25 Feb 2022 15:15:10 +0000

    Description:
    Group mainly seems to attack Microsoft Exchange servers in the US and Canada.

    FULL STORY ======================================================================

    The UNC2596 ransomware group, also known as Cuba, is abusing vulnerabilities found in Microsoft Exchange to compromise corporate endpoints , harvest data, and ultimately, deploy the COLDDRAW malware .

    Cybersecurity experts from Mandiant caught on the ransomware groups trail, saying it mostly hunts down companies in the United States and Canada.

    The experts report states the group has been using ProxyShell and ProxyLogon vulnerabilities at least since August 2021 to plant various web shells,
    Remote Access Trojans (RAT), and backdoors, on compromised systems. TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    Click here to start the survey in a new window <<

    Among the backdoors used, CobaltStrike and NetSupport Manager seem to be the most popular choices, but they often use home-grown products, dubbed
    Bughatch, Wedgecut, Burntcigar, or Eck. Some of these are used as reconnaissance tools, others to terminate processes and escalate privileges.

    The difference between UNC2596 and other ransomware groups out there, is that this group does not send exfiltrated data towards cloud services. Instead, they use private infrastructure. A growing ransomware actor

    The Cuba ransomware group was reportedly formed in late 2019, and after a relatively slow start, picked up its pace in 2020 and 2021. In May 2021, the group teamed up with Hancitor malware spammers, successfully phishing out passwords for corporate networks with malicious DocuSign files.

    In late 2021, the FBI issued an advisory about the group which claimed the group breached 49 critical infrastructure organizations in the US (the Cuba leak website had fewer than 30 victims listed). Its operations earned it almost $44 million, the law enforcement agency added. However, it demanded
    $74 million. Read more

    Ransomware attacks are levelling up extortion tactics


    Russian hackers are raking in ransomware rewards


    IT workers believe ransomware is as serious as terrorism

    Despite the ransom demands, both unpaid and paid, being counted in double-digit millions, the group is relatively small, compared to some of the biggest players in the ransomware game.

    Cybersecurity researchers from Emsisoft, for example, said last year there
    had been 105 Cuba ransomware submissions, while Conti has had more than 600. Here's our rundown of the bestantivirus software around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-exchange-servers-targeted-with-cuba-r ansomware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)