
New Cuba ransomware affiliate detailed

The Cuba ransomware affiliate tracked as Tropical Scorpius has adopted new tactics, techniques, and procedures, including a novel local privilege escalation tool and a new remote access trojan, BleepingComputer reports. Although Tropical Scorpius has used the same Cuba ransomware payload since the operation began in 2019, a report from Palo Alto Networks Unit 42 found that the threat actor now signs a kernel driver with a legitimate but invalidated NVIDIA certificate; the driver is used to identify and terminate security product processes. The attacker also retrieves a local privilege escalation tool that exploits the Windows Common Log File System Driver vulnerability tracked as CVE-2022-24521 before using ADFind and Net Scan for lateral movement, and has leveraged a ZeroLogon hacking tool to obtain domain administrator privileges. The group's new ROMCOM RAT malware can return information on connected drives and file listings, upload ZIP files to the command-and-control server, and perform additional functions.
