top of page
Search
Writer's pictureStormsec

Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics

Attackers deploying the Noberus (aka BlackCat, ALPHV) ransomware have been using new tactics, tools, and procedures (TTPs) in recent months, making the threat more dangerous than ever. Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software.




ADVERSARY: FIN7


INDUSTRIES: Banking, Hospitality, Retail


MALWARE FAMILIES: Noberus, BlackMatter, Eamfo


ATT&CK IDS: T1014 - Rootkit, T1566 - Phishing, T1081 - Credentials in Files, T1011 - Exfiltration Over Other Network Medium, T1022 - Data Encrypted


Read More:

2 views

Comments


Commenting has been turned off.
bottom of page