Buhti Ransomware Operation Repurposes Leaked Encryptors
Attack Report
Summary
Buhti ransomware, linked to the Blacktail threat actors, uses leaked code from the LockBit and Babuk ransomware variants. By exploiting vulnerabilities in products such as PaperCut NG, the operators exfiltrate data and distribute ransomware. Their addition of a custom Golang exfiltration tool makes this evolving threat more serious.