The Hacker News - Cybersecurity News and Analysis: BlackMatter

The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm on the BlackCat ransomware-as-a-service (RaaS), which it said victimized at least 60 entities worldwide between as of March 2022 since its emergence last November. Also called ALPHV and  Noberus , the malware is notable for being the first-ever ransomware written in the Rust programming language, which is known to be memory safe and offer improved performance. "Many of the developers and money launderers for BlackCat/ALPHV are linked to  DarkSide / BlackMatter , indicating they have extensive networks and experience with ransomware operations," the FBI said in an  advisory  published last week. The disclosure comes weeks after twin reports from  Cisco Talos  and  Kasperksy  uncovered links between BlackCat and BlackMatter ransomware families, including the use of a modified version of a data exfiltration tool dubbed Fendr that's been previously only observed in BlackMatter-related activity. "A

Cybersecurity researchers have uncovered further links between BlackCat (aka ALPHV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new  BlackCat  group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool [...] and which has only been observed in BlackMatter activity," Kaspersky researchers  said  in a new analysis. The tool, dubbed Fendr, has not only been upgraded to include more file types but also used by the gang extensively to steal data from corporate networks in December 2021 and January 2022 prior to encryption, in a popular tactic called double extortion. The findings come less than a month after Cisco Talos researchers  identified  overlaps in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, describing the new ransomware variant as a case of "vertical business expansion.&qu

An analysis of two ransomware attacks has  identified overlaps  in the tactics, techniques, and procedures (TTPs) between BlackCat and BlackMatter, indicating a strong connection between the two groups. While it's typical of ransomware groups to rebrand their operations in response to increased visibility into their attacks,  BlackCat  (aka Alphv) marks a new frontier in that the cyber crime cartel is built out of affiliates of other ransomware-as-a-service (RaaS) operations. BlackCat first emerged in November 2021 and has since targeted several organizations worldwide over the past few months. It has been called out for being similar to  BlackMatter , a short-lived ransomware family that originated from  DarkSide , which, in turn, attracted notoriety for its high-profile attack on  Colonial Pipeline  in May 2021. In an interview with Recorded Future's The Record last month, a BlackCat representative dismissed speculations that it's a rebranding of BlackMatter, while n

Two new ransomware-as-service (RaaS) programs have appeared on the threat radar this month, with one group professing to be a successor to  DarkSide  and  REvil , the two infamous ransomware syndicates that went off the grid following major attacks on Colonial Pipeline and Kaseya over the past few months. "The project has incorporated in itself the best features of DarkSide, REvil, and LockBit," the operators behind the new BlackMatter group said in their darknet public blog, making promises to not strike organizations in several industries, including healthcare, critical infrastructure, oil and gas, defense, non-profit, and government sectors. According to Flashpoint, the BlackMatter threat actor registered an account on Russian-language forums XSS and Exploit on July 19, quickly following it up with a post stating they are looking to purchase access to infected corporate networks comprising anywhere between 500 and 15,000 hosts in the U.S., Canada, Australia, and the U.