"New Exfiltrator-22 Post-exploitation Kit Linked to LockBit Ransomware"
Exfiltrator-22 is a new post-exploitation framework that threat actors are promoting as a way to spread ransomware across corporate networks while evading detection. According to threat analysts at CYFIRMA, the framework was developed by former LockBit 3.0 affiliates with expertise in anti-analysis and defense evasion, and it is offered as a powerful tool for a monthly fee. Exfiltrator-22 is priced from $1,000 per month to $5,000 for lifetime access, with ongoing updates and support included. Buyers are given an admin panel hosted on a Virtual Private Server (VPS), from which they can control the malware and issue commands to compromised systems. The first version of the Exfiltrator-22 framework was discovered in the wild on November 27, 2022. About ten days later, its makers created a Telegram channel to advertise the framework to other cybercriminals. By the end of the year, the threat actors had disclosed additional features that help mask traffic on hacked devices, indicating that the framework was under active development. In January 2023, its authors deemed the framework to be 87 percent complete and released subscription prices, allowing interested users to purchase access to the tool. On February 10, 2023, the threat actors uploaded two videos to YouTube demonstrating Exfiltrator-22's lateral movement and ransomware-spreading capabilities. This article continues to discuss the Exfiltrator-22 framework being promoted by threat actors.
Bleeping Computer reports "New Exfiltrator-22 Post-exploitation Kit Linked to LockBit Ransomware"