BlackCat hacker group methods exposed by Israeli cybersecurity firm
The Israeli cybersecurity company Sygnia has revealed new details about a group of hackers known as BlackCat. First active in November 2021, the group focuses on attacking high-profile, multi-sector, international organizations. Sygnia investigated suspicious activity on BlackCat's network, which was eventually identified as a financial extortion attack that included a massive information leak.
The Sygnia team, led by Oren Biederman, a senior expert in detection and response to cyber incidents, provides a detailed, step-by-step description of all the actions performed by the BlackCat group during an attack on a customer. The researchers also advise organizations and companies on how to defend themselves ahead of time against similar attacks. The advice is based on the defensive activity carried out for a Sygnia client that was attacked by BlackCat in 2023.
Like other hacker groups, BlackCat uses a Ransomware-as-a-Service business model, which allows its partners to leverage the group's tools and infrastructure for extortion attacks.