BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave
Briefly

The BlackByte ransomware group has been observed exploiting recently patched vulnerabilities in VMware ESXi hypervisors and using various vulnerable drivers to bypass security measures.
Cisco Talos noted that BlackByte still relies on tactics, techniques, and procedures (TTPs) that have been foundational to its tradecraft since its inception, while continuing to iterate on its methods.
The exploitation of CVE-2024-37085 shows that BlackByte is adapting its methods, moving beyond established approaches and potentially reflecting a more sophisticated operational capability.
Since its debut in 2021, the BlackByte ransomware group has employed a double extortion strategy, pressuring victims through data leaks on the dark web.
Read at The Hacker News