Symantec’s Threat Hunter Team has discovered that at least one affiliate of the BlackByte ransomware (Ransom.Blackbyte) operation has begun using a custom data exfiltration tool during their attacks. The malware (Infostealer.Exbyte) is designed to expedite the theft of data from the victim’s network and upload it to an external server.
REFERENCE: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackbyte-exbyte-ransomware
ADVERSARY: Hecamede
INDUSTRY: Critical Infrastructure
MALWARE FAMILIES: LockBit, Ryuk Stealer, BlackMatter, Symantec, BlackByte
ATT&CK IDS: T1083 - File and Directory Discovery, T1530 - Data from Cloud Storage Object