CyberSecurityBoard
Sponsor Register Login

RansomHub Affiliate Deploying New Custom Backdoor Dubbed 'Betruger' For Persistence

RansomHub, as a RaaS provider, enables affiliates to leverage sophisticated tools like Betruger, potentially lowering the barrier to entry for conducting complex ransomware attacks. These include adaptive-based protections such as ACM.Ps-RgPst!g1 and ACM.Untrst-RunSys!g1, behavior-based detection like SONAR.TCP!gen1, and file-based identification methods targeting Backdoor.Betruger and associated malware variants. Implementing robust backup strategies, regularly patching systems, and conducting security awareness training for employees remain crucial steps in defending against such evolving threats. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. By developing custom tools, ransomware groups are attempting to stay one step ahead of detection mechanisms and security protocols. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. This sophisticated malware, discovered on March 20, 2025, by the Symantec Threat Hunter team, represents a concerning evolution in ransomware attack methodologies. The emergence of Betruger shows the ongoing arms race between cybercriminals and security experts. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. Cybersecurity experts advise organizations to remain vigilant and ensure their security systems are up-to-date. Broadcom analysts noted that Betruger incorporates an array of features crucial for comprehensive system infiltration and data exfiltration. The Betruger backdoor is a multi-function tool specifically designed for executing ransomware attacks. It consolidates various capabilities typically spread across multiple tools, potentially streamlining the attack process and reducing the attacker’s digital footprint. These include the ability to capture screenshots, steal credentials, log keystrokes, perform network scanning, and escalate privileges within the compromised system. A RansomHub affiliate has been observed recently deploying a new custom backdoor named ‘Betruger’.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Mar 2025 13:15:08 +0000


Cyber News related to RansomHub Affiliate Deploying New Custom Backdoor Dubbed 'Betruger' For Persistence

RansomHub Affiliate Deploying New Custom Backdoor Dubbed 'Betruger' For Persistence - RansomHub, as a RaaS provider, enables affiliates to leverage sophisticated tools like Betruger, potentially lowering the barrier to entry for conducting complex ransomware attacks. These include adaptive-based protections such as ACM.Ps-RgPst!g1 and ...
1 month ago Cybersecuritynews.com Ransomhub
RansomHub Ransomware Group Compromised 84 Organization, New Groups Emerging - Cyfirma researchers noted a custom backdoor called “Betruger” being deployed in recent RansomHub operations, representing a significant evolution in ransomware tactics. Unlike some ransomware operations that rely heavily on publicly ...
2 weeks ago Cybersecuritynews.com Ransomhub
RansomHub ransomware uses new Betruger ‘multi-function’ backdoor - The malware's capabilities include a wide range of capabilities that overlap with features commonly found in malicious tools dropped before deploying ransomware payloads, including keylogging, network scanning, privilege escalation, credential ...
1 month ago Bleepingcomputer.com Ransomhub
EvilCorp & RansomHub Working Together to Attack Organizations Worldwide - The attack progression typically follows a pattern of initial SocGholish infection, deployment of the VIPERTUNNEL backdoor, lateral movement through the network, data exfiltration, and finally, RansomHub ransomware deployment. Microsoft first ...
3 weeks ago Cybersecuritynews.com Ransomhub LockBit
RansomHub’s EDRKillShifter Link With Other Well-Established Ransomware Gang’s - New Research - In May 2024, RansomHub introduced EDRKillShifter, a custom endpoint detection and response killer designed to terminate security products by abusing vulnerable drivers, effectively blinding defensive systems before encryption begins. ESET researchers ...
1 month ago Cybersecuritynews.com BianLian Medusa Ransomhub LockBit
RansomHub Ransomware-as-a-service Facing Internal Conflict as Affiliates Lost Access to Chat Portals - Unlike many competitors, RansomHub implemented a business model that directed ransom payments either directly to affiliates or split them at the point of transaction, significantly reducing the risk of “exit-scamming” – a common problem ...
2 weeks ago Cybersecuritynews.com Dragonforce Black Basta Ransomhub
Christie's confirms breach after RansomHub threatens to leak data - Christie's confirmed that it suffered a security incident earlier this month after the RansomHub extortion gang claimed responsibility and threatened to leak stolen data. Christie's is a prominent auction house with a history spanning 2.5 centuries. ...
11 months ago Bleepingcomputer.com Ransomhub
RansomHub Evolves To Attack Windows, ESXi, Linux and FreeBSD Operating Systems - With RansomHub actively exploiting zero-day vulnerabilities and recruiting displaced ALPHV/LockBit affiliates, organizations must strengthen endpoint security and ensure backup isolation to prevent potential attacks. RansomHub ransomware group ...
2 months ago Cybersecuritynews.com CVE-2024-3400 CVE-2021-42278 CVE-2020-1472 LockBit Ransomhub
BianLian GOs for PowerShell After TeamCity Exploitation - In conjunction with GuidePoint's DFIR team, we responded to an incident that began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's GO backdoor. The threat actor identified a ...
1 year ago Securityboulevard.com CVE-2024-27198 CVE-2023-42793 BianLian
Change Healthcare's New Ransomware Nightmare Goes From Bad to Worse - Change Healthcare is facing a new cybersecurity nightmare after a ransomware group began selling what it claims is Americans' sensitive medical and financial records stolen from the health care giant. RansomHub claimed it had health care data on ...
1 year ago Wired.com Ransomhub
RansomHub Ransomware Deploying Malware to Compromise Corporate Networks - The downloaded “Update.zip” contains “Update.js,” a JScript file that sends a POST request to the SocGholish C2 server at “hxxps://exclusive.nobogoods[.]com/updateStatus” to retrieve the next stage of the attack. ...
1 day ago Cybersecuritynews.com Ransomhub
Russian Sandworm Group Using Novel Backdoor to Target Ukraine - Russian nation-state group Sandworm is believed to be utilizing a novel backdoor to target organizations in Ukraine and other Eastern and Central European countries, according to WithSecure researchers. The previously unreported backdoor, dubbed ...
1 year ago Infosecurity-magazine.com
New Sophisticated Linux-Backdoor Attacking OT Systems Exploiting 0-Day RCE - OrpaCrab exemplifies how attackers can compromise critical infrastructure without deep knowledge of industrial protocols, instead leveraging common networking standards to hide malicious traffic within legitimate communications. A sophisticated ...
1 month ago Cybersecuritynews.com
Change Healthcare Hit By Cyber Extortion Again - Change Healthcare, a subsidiary of UnitedHealth Group, has been facing renewed extortion from cybercriminals just a month after paying a ransom to prevent the release of data stolen in a February 2024 ransomware attack. The attack, orchestrated by ...
1 year ago Infosecurity-magazine.com Ransomhub
Researchers Unboxed FIN7's Stealthy Python-based Anubis Backdoor - The Python-based malware, dubbed “Anubis Backdoor,” represents an evolution in the group’s tactics, techniques, and procedures (TTPs) that have historically caused billions in damages globally. Cyber Security News is a Dedicated ...
1 month ago Cybersecuritynews.com FIN7
The internet is already scary enough without April Fool's jokes - Thankfully in the security world, I think we've all gotten the hint at this point that we can't just post whatever we want on April 1 of each calendar year and expect people to get the joke. I've put my guard down so much at this point that I ...
1 year ago Blog.talosintelligence.com Hunters Ransomhub
Cyberattack on telecom giant Frontier claimed by RansomHub - An April cyberattack on a large telecommunications company has been claimed by a ransomware gang that is gaining steam as a cybercriminal operation. On Saturday, the RansomHub operation posted Frontier Communications to its leak site claiming to have ...
10 months ago Therecord.media Ransomhub
Detecting And Responding To New Nation-State Persistence Techniques - This article explores the changing landscape of nation-state persistence, advanced detection strategies, and effective response frameworks to help organizations defend against these evolving threats. Nation-state cyber threats have evolved ...
1 week ago Cybersecuritynews.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
6 months ago Aws.amazon.com
Palo Alto Reveals New Features in Russian APT Turla's Kazuar Backdoor - The latest version of the Kazuar backdoor could be more sophisticated than previously imagined, according to Palo Alto Networks. The Kazuar backdoor was used by the Russian hacking group Turla to target the Ukrainian defense sector in July 2023, the ...
1 year ago Infosecurity-magazine.com Turla
SocGholish Leveraging Compromised Websites To Deploy RansomHub Ransomware - Security experts recommend implementing robust web filtering solutions, keeping browsers updated, and training users to recognize fake update notifications as critical mitigation strategies against this evolving threat. The infection begins when ...
1 month ago Cybersecuritynews.com Ransomhub
Iran's Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector - In its latest campaign, Iranian state-backed hackers, Peach Sandstorm, employs FalseFont backdoor for intelligence gathering on behalf of the Iranian government. Cybersecurity researchers at Microsoft Threat Intelligence Unit have uncovered the ...
1 year ago Hackread.com
Chinese Hackers New Malware Dubbed 'Squidoor' Attacking Global Organizations - The malware, designed for exceptional stealth, offers attackers multiple methods to maintain persistent access to compromised networks while evading detection from advanced security systems. These methods include HTTP-based communication, reverse ...
1 month ago Cybersecuritynews.com
Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
1 year ago Bleepingcomputer.com APT3 APT33
New macOS Backdoor Linked to Prominent Ransomware Groups - A newly identified macOS backdoor written in Rust appears linked to the prominent ransomware families Black Basta and Alphv/BlackCat, cybersecurity firm Bitdefender reports. The malware, dubbed RustDoor, impersonates Visual Studio, supports both ...
1 year ago Securityweek.com Black Basta

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)