The hackers had network access for two weeks prior to launching their attack
Last month, Israeli cybersecurity company Morphisec identified a new variant of Babuk ransomware while investigating an attack on one of its customers.
Babuk, also known as Fancy Gang and Vasa Locker, was first discovered at the beginning of 2021 and has been known to target large enterprises and steal data in double-extortion attacks. The hackers behind the group are believed to be Russian speakers.
According to the new Morphisec report, “threat actors have combined Babuk’s leaked source code with open-source evasive software and side loading techniques to create a variant previously unseen in the wild.”
“The attackers had network access for two weeks of full reconnaissance prior to launching their attack. They have compromised the company’s domain controller and used it to distribute ransomware to all devices within the organization through GPO,” add the researchers, noting that at the moment, due to the ongoing investigation, no details about the full attack chain will be published.