UNC2596 observed leveraging vulnerabilities to deploy #Cuba #ransomware. Beyond commonplace tools, like Cobalt Strike BEACON and NetSupport, UNC2596 has used novel #malware, including BURNTCIGAR to disable endpoint protection, WEDGECUT to enumerate active hosts, and the BUGHATCH custom downloader. COLDDRAW ransomware operations have impacted dozens of organizations across more than ten countries, including those within critical infrastructure. Wedgecut, Bughatch, Burntcigar #microsoft #mail #vuln #cyber #threats #informatique

https://www.mandiant.com/resources/unc2596-cuba-ransomware