Researchers from Kaspersky have uncovered new malware samples associated with the ransomware group Cuba. These samples are updated versions of the BurntCigar malware, which provides an advanced level of stealth for the group. The investigation by Kaspersky began after a client’s system was compromised in December, leading them to discover the “komar65” library, also known as BugHatch.
BugHatch is a sophisticated backdoor that runs entirely in process memory, executing embedded shellcode and connecting to a command-and-control server. It can receive commands to download additional tooling such as Cobalt Strike Beacon and Metasploit, a pattern consistent with Cuba’s known operations. Kaspersky also found other modules distributed by Cuba, including one that collects system information and another that carries encrypted data in order to evade detection.
The group has previously used a double extortion model and is known to target a wide range of industries globally. They are skilled at obstructing investigations and exfiltrating sensitive information. To reduce exposure to such attacks, organizations should keep their software up to date, patch known vulnerabilities promptly, and maintain a capable defensive security team.