BlackBerry Uncovers Cuba Ransomware Group's New Tools and Evolving Tactics in Recent Attacks

BlackBerry has revealed fresh insights into the operations of the Cuba ransomware threat group, uncovering new tools and shedding light on its tactics. Despite being in operation for four years, the Cuba ransomware group remains active and highly impactful, with numerous high-profile attacks recorded across various industries in the first half of 2023.

The BlackBerry Threat Research and Intelligence team delved into a June campaign orchestrated by the Cuba group, involving attacks on a critical infrastructure organization in the US and an IT integrator in Latin America. The threat group, believed to have Russian origins, employed a blend of previously used malicious tools and introduced new ones, including an exploit for the Veeam vulnerability CVE-2023-27532.

This discovery, shared privately with relevant authorities by BlackBerry, underscores the persistent threat posed by Cuba ransomware and the need for enhanced cybersecurity measures across organizations.

The report not only outlines the findings but also provides a comprehensive analysis of the tactics, techniques, and procedures (TTPs) used by the Cuba threat group. It elaborates on the attack vector, defense evasion techniques, privilege escalation methods, and more, showcasing the intricate strategies employed by the group.

The Cuba ransomware group, also known as COLDDRAW or Fidel ransomware, has maintained its operations by evolving its TTPs over time. These tactics involve exploiting vulnerabilities, leveraging both commodity and custom malware, and employing popular pen-testing frameworks like Metasploit and Cobalt Strike. The group also follows a double-extortion strategy, demanding hefty ransom payments from compromised entities.

One of the notable highlights from the report is the use of AI-driven tools by the Cuba ransomware group to evade security measures and execute attacks. The report underlines the need for organizations to bolster their cybersecurity defenses to counter such evolving threats.

This detailed examination of the Cuba ransomware group's methods serves as a stark reminder of the ever-evolving nature of cyber threats. As organizations navigate this landscape, staying informed about the tactics employed by threat actors becomes crucial to maintaining a robust cybersecurity posture.