Blackberry’s Research and Intelligence Team writes:
BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group.
Cuba ransomware is currently into the fourth year of its operation and shows no sign of slowing down. In the first half of 2023 alone, the operators behind Cuba ransomware were the perpetrators of several high-profile attacks across disparate industries.
The BlackBerry Threat Research and Intelligence team investigated a campaign by this threat group conducted in June that culminated in attacks on an organization within the critical infrastructure sector in the United States, and also on an IT integrator in Latin America. The Cuba threat group, believed to be of Russian origin, deployed a set of malicious tools that overlapped with previous campaigns associated with this attacker, as well as introducing new ones — including the first observed use of an exploit for the Veeam vulnerability CVE-2023-27532.
Note that prior to the publication of this report, BlackBerry shared this information privately with the relevant authorities, to support security and resilience across organizations worldwide.
This report documents our findings and breaks down the technical details of these latest attacks, and discusses in depth the latest evolution in tactics, techniques, and procedures (TTPs) utilized by the Cuba threat group.
Read more at BlackBerry.