The Black Basta ransomware group has developed an automated brute-force attack tool, referred to as BRUTED, to target and compromise edge networking devices such as firewalls and VPNs. With this sophisticated tool, the group can efficiently breach vulnerable internet-facing endpoints, which lets it scale ransomware attacks considerably better than before.
A researcher at EclecticIQ identified BRUTED when she analyzed internal chat logs related to the ransomware gang. The logs gave insight into the tool's deployment and revealed that Black Basta has been using BRUTED since 2023 to conduct credential-stuffing and brute-force attacks against a variety of remote access software.
The tool has targeted a wide variety of systems, including SonicWall NetExtender, Palo Alto GlobalProtect, and Citrix NetScaler, which highlights the broad scope of the threat.
By automating brute-force attacks, Black Basta intends to improve its operational efficiency, which in turn allows it to exploit security vulnerabilities in critical infrastructure more systematically.
The discovery of BRUTED shows that organizations relying on internet-connected security solutions face an even higher risk of cybercrime as the tactics of ransomware groups evolve and become more sophisticated.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents