Microsoft, the largest technology company in the United States, has long been a favorite target of criminal hackers. Its threat intelligence team recently reported that affiliates of the BlackCat ransomware operation are breaking into organizations by exploiting unpatched Microsoft Exchange servers, then launching phishing and ransomware from inside the victim's network. According to the company, most of the exploits it sees threat actors use target unpatched vulnerabilities in its own suite of software.
Exchange Server flaws give attackers an initial foothold: a vulnerable server is reachable from the internet, and compromising it provides remote access into the victim's internal network. Microsoft's security experts said the BlackCat activity surfaced two weeks ago, but they have also documented earlier intrusions that relied on the same unpatched vulnerabilities.
Once inside, the attackers move through the victim's network toward its internal databases, harvesting passwords and other sensitive data along the way. They also collect information about the organization itself, which is later used to pressure the victim in extortion campaigns.
Hackers Target Exchange Server
The Microsoft 365 Defender Threat Intelligence Team reports that compromised credentials are one of the most common initial entry vectors for these attackers. In other cases, exploiting Exchange Server vulnerabilities gives the attackers the targeted access they need to compromise the rest of the victim's network.
So far, the only guidance Microsoft has pointed to is its March 2021 security advisory on the Exchange Server flaws. The specific Exchange vulnerability used for initial access in these BlackCat intrusions has not been identified, so defenders cannot check for a single flaw; the practical advice remains to apply every outstanding Exchange Server update.
Microsoft's researchers did not attribute the latest BlackCat intrusions through Exchange to a particular group. They did note that several criminal groups use BlackCat under the ransomware-as-a-service (RaaS) model, in which affiliates carry out targeted attacks with the malware.
ProxyLogon Attacks Defense
Once inside, the attackers rely on PsExec, the Sysinternals remote-execution tool, to push the BlackCat payload to other machines across the network. Spreading the payload this way, combined with the RaaS model, has helped BlackCat climb to the top of cybercriminals' toolkits.
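PsExec leaves a recognizable trace on every host it touches: it copies a service binary into the admin share and registers it, which Windows records as a Service Control Manager event 7045 (new service installed). The detection below is an added example written for this page, not code from Microsoft or from the BlackCat analysis. It scans constructed sample events (a simplified JSON-per-line shape, not real captures) for the default PSEXESVC service, and, as a heuristic that goes beyond what the text describes, also flags demand-start services installed straight into the Windows directory, which is where renamed PsExec and PsExec-like tools typically drop their binary. It then pivots on the installing account to show one identity pushing services to several hosts, the spreading pattern the text describes. Field names such as `subject` and `host` are assumptions about the log pipeline.

```python
import json
import re
from typing import Dict, Iterable, List, Optional, Set

# Constructed sample events (one JSON object per line). Not real captures;
# the field layout is an assumed simplified forwarder format.
SAMPLE_EVENTS = """\
{"host":"EXCH01","event_id":7045,"provider":"Service Control Manager","subject":"CORP\\\\svc-backup","data":{"ServiceName":"PSEXESVC","ImagePath":"%SystemRoot%\\\\PSEXESVC.exe","StartType":"demand start","AccountName":"LocalSystem"}}
{"host":"FS02","event_id":7045,"provider":"Service Control Manager","subject":"CORP\\\\svc-backup","data":{"ServiceName":"PSEXESVC","ImagePath":"%SystemRoot%\\\\PSEXESVC.exe","StartType":"demand start","AccountName":"LocalSystem"}}
{"host":"WS17","event_id":7045,"provider":"Service Control Manager","subject":"CORP\\\\jdoe","data":{"ServiceName":"updsvc","ImagePath":"%SystemRoot%\\\\updsvc.exe","StartType":"demand start","AccountName":"LocalSystem"}}
{"host":"WS17","event_id":7045,"provider":"Service Control Manager","subject":"NT AUTHORITY\\\\SYSTEM","data":{"ServiceName":"Dell SupportAssist","ImagePath":"C:\\\\Program Files\\\\Dell\\\\SupportAssist\\\\SupportAssistAgent.exe","StartType":"auto start","AccountName":"LocalSystem"}}
{"host":"FS02","event_id":4624,"provider":"Microsoft-Windows-Security-Auditing","subject":"CORP\\\\svc-backup","data":{"LogonType":"3","TargetUserName":"svc-backup"}}
"""

# Default PsExec service/binary name, in either the service name or image path.
PSEXEC_NAME = re.compile(r"psexesvc", re.IGNORECASE)
# Heuristic: an executable dropped directly into the Windows directory root
# (what the ADMIN$ share maps to), with no subdirectory.
WINDIR_ROOT = re.compile(r"^(%SystemRoot%|C:\\Windows)\\[^\\]+\.exe$", re.IGNORECASE)


def classify(event: dict) -> Optional[str]:
    """Return a verdict for a single event, or None if it is not of interest."""
    if event.get("event_id") != 7045:
        return None
    data = event.get("data", {})
    name = data.get("ServiceName", "")
    path = data.get("ImagePath", "")
    if PSEXEC_NAME.search(name) or PSEXEC_NAME.search(path):
        return "psexec_default"          # high confidence: stock PsExec
    if data.get("StartType", "").lower().startswith("demand") and WINDIR_ROOT.match(path):
        return "psexec_like"             # heuristic: renamed PsExec or similar tooling
    return None


def scan(lines: Iterable[str]) -> List[dict]:
    """Parse JSON-per-line events and return the ones that look like PsExec use."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        verdict = classify(event)
        if verdict:
            hits.append({
                "host": event["host"],
                "subject": event.get("subject"),
                "service": event["data"].get("ServiceName"),
                "verdict": verdict,
            })
    return hits


def lateral_spread(hits: List[dict]) -> Dict[str, Set[str]]:
    """Accounts that installed suspicious services on more than one host."""
    by_subject: Dict[str, Set[str]] = {}
    for hit in hits:
        by_subject.setdefault(hit["subject"], set()).add(hit["host"])
    return {subj: hosts for subj, hosts in by_subject.items() if len(hosts) > 1}


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS.splitlines())
    for hit in found:
        print(f"{hit['verdict']:15} host={hit['host']:7} service={hit['service']!r} by {hit['subject']}")
    for subj, hosts in lateral_spread(found).items():
        print(f"spread: {subj} installed services on {sorted(hosts)}")
```

On real data the `psexec_like` rule needs an allowlist of legitimate installers that also drop into the Windows directory; the point of the second pass is that even a noisy rule becomes useful once you group by the installing account, because one identity registering services on several hosts in a short window is the lateral-movement shape, whatever the binary is called.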
The FIN12 group was one of the first observed deploying BlackCat. This financially motivated crew has been linked to some of the most dangerous ransomware operations, including the Conti gang, Ryuk and Hive, and its attacks frequently hit healthcare organizations around the world.
FIN12 is known for speed: its campaigns have gone from initial access to a completed attack in as little as two days. In its targeted campaigns the group goes straight for the payoff, deploying the encryption payload across the target's private network.
As of March 2022, Microsoft's security team had added BlackCat to the list of payloads FIN12 distributes; according to the company, the group has added the BlackCat ransomware to its roster.
BlackCat's encryption has proven harder to reverse than the Hive payload FIN12 used before it, which is a likely reason for the switch. BlackCat has also been linked to a second affiliate, DEV-0504, which uses Stealbit, the data-exfiltration tool associated with the prolific LockBit ransomware gang.