To the notorious Darkside/Blackmatter crime rings, "indicating they have extensive networks and experience with ransomware operations," security researchers at Cisco Talos and Palo Alto Networks Unit 42 also noted BlackCat preference for Rust, with Unit 42 saying the gang was "one of the first, if not the first" of its kind to use this programming language. The fact that the gang writes its ransomware in Rust, as opposed to C/C++, is interesting. Rust arguably has crucial safety measures built in, That meaning the malware could be more stable and reliable.
Like C/C++ toolchains, the Rust environment can be used to build programs for embedded devices, and integrate with other programming languages, said Attivo Networks Chief Security Advocate Carolyn Crandall. The alert also includes BlackCat indicators of compromise and warns the ransomware typically leverages previously compromised user credentials to gain access to a victim's system. "Initial deployment of the malware leverages PowerShell scripts, in conjunction with Cobalt Strike, and disables security features within the victim's network," After breaking in, the malware compromises Active Directory user and administrator accounts, and it uses Windows Task Scheduler to configure malicious group policy objects to deploy ransomware. But before it executes the ransomware, BlackCat steals a victim's data, including
sources by: thecybersecurityhub.com