At a glance.
- LockBit 3.0 reverse engineered.
- Chinese cyberespionage campaign used compromised USB drives.
- Lilac Wolverine exploits personal connections for BEC.
- Killnet claims to have counted coup against the White House.

LockBit 3.0 reverse engineered.
Sophos this morning reports on its reverse engineering of LockBit 3.0 (also known as LockBit Black). It appears that the ransomware's operators are experimenting with making their malware wormable, that is, giving it functionality that would enable it to spread by itself through and across networks. Sophos's research also offers some support to other security experts who've suspected a connection between LockBit and the BlackMatter ransomware family. The researchers "found a number of similarities which strongly suggest that LockBit 3.0 reuses code from BlackMatter," especially in its anti-debugging, obfuscation, API resolution, printer-attack, and shadow-copy deletion features. There are other similarities as well, and Sophos points out that much of LockBit 3.0's tooling mimics what a legitimate penetration tester might use.