Michael Gorelik of Morphisec writes:
Morphisec recently investigated an incident involving a new variant of one of the most aggressive ransomware families: Mimic version 7.5. First observed in 2022, Mimic remains relatively underreported in the public domain, aside from a detailed analysis of Mimic version 6.3 that was previously published by Cyfirma and Kaspersky.
Target Audience: This threat analysis is intended for cybersecurity professionals, incident responders, and IT administrators in high-risk industries—particularly those in the healthcare sector—who are responsible for detecting, preventing, and mitigating ransomware threats.
Introduction
This threat analysis is based on a fresh incident investigation involving a healthcare sector victim attacked by Mimic version 7.5.
While we will highlight some of the new functions integrated into the latest Mimic ransomware executable, the most compelling part of this analysis focuses on the initial access tactics used by the attackers — shared here for the first time.
Our investigation suggests that previously deployed Clipper malware was leveraged for credential harvesting and reentry into the environment.
We will also dive into additional techniques employed by the adversaries during reconnaissance and lateral movement. Finally, we will share observed data exfiltration techniques, to provide defenders with valuable insights to strengthen early detection and prevention efforts against this evolving threat.
Read more at Morphisec.