New LockBit 5.0 Targets Windows, Linux, ESXi


Trend™ Research has identified and analyzed the source binaries of a new LockBit version in the wild, which is the latest from the group’s activities following the February 2024 law enforcement operation (Operation Cronos) that disrupted their infrastructure.

In early September, the LockBit ransomware group reportedly resurfaced for their sixth anniversary, announcing the release of “LockBit 5.0”. Trend Research discovered a binary available in the wild and began analysis that initially discovered a Windows variant and confirmed the existence of Linux and ESXi variants of LockBit 5.0. This latest news continues the group’s established cross-platform strategy seen since LockBit 2.0 in 2021.

Read more…
Source: Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Linux Spyware Stack Ties Together 5 Chinese APTs

    August 5, 2020

    A stack of Linux backdoor malware used for espionage, compiled dynamically and customizable to specific targets, is being used as a shared resource by five different Chinese-language APT groups, according to researchers. According to an analysis from BlackBerry released at Black Hat 2020 on Wednesday, those five groups have turned out to all be splinters of ...

  • How hackers gain root access to SAP enterprise servers through SolMan

    August 5, 2020

    Researchers have demonstrated how a set of vulnerabilities in SAP Solution Manager could be exploited to obtain root access to enterprise servers. Speaking at Black Hat USA on Wednesday, Onapsis cybersecurity researchers Pablo Artuso and Yvan Genuer explained how the bugs were found in SAP Solution Manager (SolMan), a system comparable to Windows Active Directory. SolMan is ...

  • Canon hit by Maze Ransomware attack, 10TB data allegedly stolen

    August 5, 2020

    Canon has suffered a ransomware attack that impacts numerous services, including Canon’s email, Microsoft Teams, USA website, and other internal applications. BleepingComputer has been tracking a suspicious outage on Canon’s image.canon cloud photo and video storage service resulting in the loss of data for users of their free 10GB storage feature. The image.canon site suffered an outage ...

  • A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return

    August 5, 2020

    The banking trojan Emotet has returned after a five-month hiatus. But, in an amusing twist, one cyber vigilante is thwarting the malware’s comeback. Researchers say a mysterious vigilante is fighting the threat actors behind the malware’s comeback by replacing malicious Emotet payloads with whimsical GIFs and memes. “Emotet was finding default username and password WordPress installs ...

  • Hacker leaks passwords for 900+ enterprise VPN servers

    August 5, 2020

    A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. According to a review, the list ...

  • Lost in Translation: When Industrial Protocol Translation goes Wrong

    August 5, 2020

    Translation makes it possible to exchange information across the globe, regardless of language differences. Translation plays a similar role in industrial internet of things (IIoT) environments where different devices, such as interfaces, sensors, and machines, use different protocols. Protocol gateways handle the translation of these different protocols in an industrial facility, allowing devices to communicate ...