New LockBit 5.0 Targets Windows, Linux, ESXi


Trend™ Research has identified and analyzed the source binaries of a new LockBit version in the wild, which is the latest from the group’s activities following the February 2024 law enforcement operation (Operation Cronos) that disrupted their infrastructure.

In early September, the LockBit ransomware group reportedly resurfaced for their sixth anniversary, announcing the release of “LockBit 5.0”. Trend Research discovered a binary available in the wild and began analysis that initially discovered a Windows variant and confirmed the existence of Linux and ESXi variants of LockBit 5.0. This latest news continues the group’s established cross-platform strategy seen since LockBit 2.0 in 2021.

Read more…
Source: Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • The future of cyberconflicts

    December 21, 2020

    The ever-increasing role of technology in every aspect of our society has turned cybersecurity into a major sovereignty issue for all states. Due to their asymmetrical nature, offensive cyber-capabilities have been embraced by many countries that wouldn’t otherwise have the resources to compete on a military or economic level with the most powerful nations of ...

  • Zero-click iOS zero-day found deployed against Al Jazeera employees

    December 20, 2020

    At least 36 Al Jazeera journalists, producers, anchors, and executives, along with a journalist at London-based Al Araby TV, had their iPhones hacked using a no-user-interaction zero-day vulnerability in the iOS iMessage app, an academic research group said today. Citizen Lab, a cybersecurity and human rights abuse research group at the University of Toronto, said the ...

  • Sunburst: connecting the dots in the DNS requests

    December 19, 2020

    On December 13, 2020 FireEye published important details of a newly discovered supply chain attack. An unknown attacker, referred to as UNC2452 or DarkHalo planted a backdoor in the SolarWinds Orion IT software. This backdoor, which comes in the form of a .NET module, has some really interesting and rather unique features. We spent the past ...

  • Stealthy Magecart malware mistakenly leaks list of hacked stores

    December 19, 2020

    A list of dozens of online stores hacked by a web skimming group was inadvertently leaked by a dropper used to deploy a stealthy remote access trojan (RAT) on compromised e-commerce sites. The threat actors use this RAT for maintaining persistence and for regaining access to the servers of hacked online shops. Once they connect to the ...

  • Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies

    December 18, 2020

    Microsoft has become the latest victim of the ever-widening SolarWinds-driven cyberattack that has impacted rafts of federal agencies and tech targets. Its president, Brad Smith, warned late Thursday to expect many more victims to come to light as investigations continue. Adversaries were able to use SolarWinds’ Orion network management platform to infect users with a stealth ...

  • Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware

    December 18, 2020

    Trend Micro researchers have recently encountered a Negasteal (also known as Agent Tesla) variant that used hastebin for the fileless delivery of the Crysis (also known as Dharma) ransomware. This is the first time that we have observed Negasteal with a ransomware payload. Only a few months ago, Deep Instinct published the first reported case of ...