SecurityWeek reports that threat actors leveraging the new Noberus ransomware, also known as BlackCat or ALPHV, have used three variants of the first known Rust-based ransomware in a single attack against a victim organization's network.
Symantec researchers discovered that malicious activity commenced on November 3, when the attackers first gained network access and infected two of the victim's systems, but they waited until November 18 before releasing the ransomware.
The attackers used PsExec, which was initially deployed to obtain elevated administrative privileges, to run PowerShell commands that disabled Windows Defender before launching Noberus. Noberus has been found to have shadow copy deletion, system data collection, and hidden partition creation capabilities. Symantec also noted that although the attack was discovered and remediated by the victim organization, the attackers regained network access and launched another Noberus variant.
"In total, three variants of this ransomware were identified during this intrusion, leading to at least 261 machines on the network becoming infected with Noberus," said Symantec.
Ukraine has been targeted by Russian threat actors in the new Operation Texonto disinformation campaign that also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record-high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.