Cuba Ransomware Continues to Evolve with Dangerous Backdoor
Posted Jun 13, 2025
The Cuba ransomware group, known for its Russian-speaking operators, continues to advance its tactics, posing a significant threat to organizations across the globe. Recent research by Kaspersky has unveiled new versions of the Cuba group’s malware, specifically the BurntCigar malware, showcasing the group’s ongoing evolution.
Kaspersky’s investigation began after an incident was detected on a client’s system in December. The attack led to the deployment of a sophisticated backdoor called “komar65” or BugHatch. This backdoor operates in process memory, executing embedded shellcode and connecting to a command-and-control server. It can receive instructions to download additional software, including notorious tools like Cobalt Strike Beacon and Metasploit. The use of Veeamp in the attack strongly suggests Cuba’s involvement.
For more details, please visit our website: https://www.secuzine.com/cuba-ransomware-continues-to-evolve-with-dangerous-backdoor/