Unraveling the CACTUS Ransomware Group’s Recent Exploits
The CACTUS ransomware group has targeted two new victims, Astro Lighting and Orthum Bau, in its latest cyberattacks. The motive behind these attacks is unclear, but both companies seem to be operating normally despite the alleged attacks. The CACTUS group has been active for several months and uses various tactics to infiltrate networks, including exploiting VPN vulnerabilities and using custom scripts. Its encryption method involves hiding a decryption key in a file named ntuser.dat. The group also uses tools like Cobalt Strike and Chisel for command and control.