BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
released on 2024-08-28 @ 02:04:19 PM
The BlackByte ransomware group continues to rely on established tactics and vulnerable drivers to bypass security controls, while also incorporating newly disclosed vulnerabilities and using stolen credentials for propagation. A new iteration of its encryptor appends the 'blackbytent_h' extension to encrypted files, drops four vulnerable drivers, and uses Active Directory credentials to propagate itself. The group appears more active than its data leak site suggests and is rapidly adapting its techniques.