Buhti Ransomware Operation Repurposes Leaked Encryptors

Threat Level – Red | Vulnerability Report
Download PDF

Buhti ransomware, linked to Blacktail threat actors, employs leaked code of LockBit and Babuk variants. By exploiting vulnerabilities like PaperCut NG, they exfiltrate data and distribute ransomware. The addition of a custom Golang exfiltration tool heightens the evolving threat.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox