Researchers from Kaspersky have uncovered new malware samples associated with the ransomware group Cuba. These samples are updated versions of the BurntCigar malware, which provides an advanced level of stealth for the group. The investigation by Kaspersky began after a client’s system was compromised in December, leading them to discover the “komar65” library, also known as BugHatch.

BugHatch is a sophisticated backdoor that runs entirely in process memory, executing embedded shellcode and connecting to a command-and-control server. It can receive commands to download additional tooling such as Cobalt Strike Beacon and Metasploit, which points to Cuba’s involvement. Kaspersky also found other modules distributed by Cuba, including one for collecting system information and another carrying encrypted data to evade detection.

The group has previously used a double-extortion model and is known to target a range of industries worldwide. They are adept at hindering investigations and exfiltrating sensitive information. To mitigate potential attacks, organizations should keep systems up to date, patch known vulnerabilities, and maintain a capable defense team.

Fabio

Full Stack Developer

About the Author

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.