Sphynx Chipher Used for Azure Cloud Access

The famous hacker group Blackcat (Alphv) has been utilizing the proprietary software of Sphynx and stolen Microsoft accounts to encrypt Azure cloud storage facilities. One of the unnamed clients of Sophos, a supplier of cybersecurity solutions, has fallen victim to these attacks. Sophos experts conducted an investigation and discovered that the latest version of SPhynx supports the use of user accounting to further compromise security.

The attacks managed to gain access to Sophos Central, a comprehensive cybersecurity solution, by using a stolen disposable password (OTP) extracted from a Lastpass vault through a malicious Chrome extension. Following this, the hackers disabled the protection against intervention and altered the software security policies.

Using the stolen Azure key, the attackers gained entry to targeted storage facilities in the cloud, successfully encrypting 39 Azure accounts by appending the extension “ZKK09CVT” to encrypted files. The attack keys were integrated into the binary mosquito code after being encoded in Base64 format.

The attackers employed various remote monitoring and control tools during the attack, including Anydesk, Splashtop, and Atera.

The SPhyNX code was initially discovered in March 2023 during an investigation into a security breach detailed in the IBM Security X-Force report, which was published at the end of May. The Examatter tool was utilized to extract the stolen data.

Earlier, Microsoft specialists noted that the new SPhynx version contains malicious tools of Remcom and Impacket for traversing targeted networks.

Researchers continually observe that the BlackCat (Alphv) group consistently enhances their attack methods. For instance, last year, the hackers launched a separate site for leaking stolen data, and in July, they introduced a special API to simplify the distribution of this data on the open Internet segment.

Last week, the affiliated unit of the BlackCat group, known as Scatted Spider, announced an attack on MGM Resorts. In an interview with the media, a group representative stated that they have successfully encrypted over 100 hypervisors.

VMware ESXI is extensively used in corporate environments for creating and managing virtual infrastructures. It offers various functionalities, such as virtual machine migration between physical servers, resource reservation management, network virtualization,

/Reports, release notes, official announcements.