Ransomware gang creates tool to automate VPN brute-force attacks

The Black Basta ransomware operation created an automated brute-forcing framework dubbed 'BRUTED' to breach edge networking devices like firewalls and VPNs. The framework has enabled BlackBasta to streamline initial network access and scale ransomware attacks on vulnerable internet-exposed endpoints. The discovery of BRUTED comes from EclecticIQ researcher Arda Büyükkaya following an in-depth examination of the ransomware gang's leaked internal chat logs. Several reports of large-scale brute-forcing and password spray attacks against those devices throughout 2024, some of which might be linked to BRUTED or similar-origin operations. Automating brute-forcing Büyükkaya says Black Basta has been using the automated BRUTED platform since 2023 to conduct large-scale credential-stuffing and brute-force attacks on edge network devices. Analysis of the source code indicates that the framework was specifically designed to brute-force credentials on the following VPN and remote-access prod ... Read full article.