New LockBit 5.0 Targets Windows, Linux, ESXi


Trend™ Research has identified and analyzed the source binaries of a new LockBit version in the wild, which is the latest from the group’s activities following the February 2024 law enforcement operation (Operation Cronos) that disrupted their infrastructure.

In early September, the LockBit ransomware group reportedly resurfaced for their sixth anniversary, announcing the release of “LockBit 5.0”. Trend Research discovered a binary available in the wild and began analysis that initially discovered a Windows variant and confirmed the existence of Linux and ESXi variants of LockBit 5.0. This latest news continues the group’s established cross-platform strategy seen since LockBit 2.0 in 2021.

Read more…
Source: Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Accenture Confirms LockBit Ransomware Attack

    August 11, 2021

    08/13/21 08:42 UPDATE: Accenture reportedly acknowledged in an internal memo that attackers stole client information and work materials in a July 30 “security incident.” CyberScoop reports that the memo downplays the impact of the ransomware attack. The outlet quoted Accenture’s internal memo: “While the perpetrators were able to acquire certain documents that reference a small number ...

  • UNC215: Spotlight on a Chinese Espionage Campaign in Israel

    August 10, 2021

    This blog post details the post-compromise tradecraft and operational tactics, techniques, and procedures (TTPs) of a Chinese espionage group we track as UNC215. While UNC215’s targets are located throughout the Middle East, Europe, Asia, and North America, this report focuses on intrusion activity primarily observed at Israeli entities. This report comes on the heels of the ...

  • $600m in cryptocurrencies swiped from Poly Network servers after security snafu

    August 10, 2021

    Poly Network, a Chinese software biz that processes cryptocurrency transactions across different blockchain platforms, urged hackers to return $600m worth of stolen digital cash in what it called the “biggest in DeFi history.” DeFi stands for decentralised finance. Protocols like Poly Network allow cryptocurrency traders to exchange digicash across various blockchains; they can be used ...

  • eCh0raix ransomware now targets both QNAP and Synology NAS devices

    August 10, 2021

    A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. This ransomware strain (also known as QNAPCrypt) first surfaced in June 2016, after victims began reporting attacks in a BleepingComputer forum topic. Read more… Source: Bleeping Computer  

  • Actively Exploited Windows Zero-Day Gets a Patch

    August 10, 2021

    Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that’s listed as a zero-day that has been exploited in the wild. Of note, there are 17 elevation-of-privilege (EoP) vulnerabilities, 13 remote code-execution (RCE) issues, eight information-disclosure ...

  • Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising

    August 9, 2021

    In a previous blog entry, we reported on a campaign, which we labeled “Operation Overtrap,” that targeted Japan with a new banking trojan called Cinobi. The campaign, which was perpetrated by a group we named “Water Kappa,” delivered Cinobi via spam. It also delivered the trojan using the Bottle exploit kit, which included newer Internet ...