BlackSuit functions as ransomware designed to encrypt files within a targeted system. It operates on both Windows and Linux platforms, including VMware ESXi.
Since June 2023, instances of Akira ransomware targeting Linux systems have been identified, tracing back their wider activities to April. The initial infection strategy entails exploiting vulnerabilities in publicly accessible services and applications.
In a striking departure from their previous focus on Latin American and European organizations, the HiatusRAT malware campaign has taken a notable shift in tactics, now directing its attention towards a reconnaissance attack on a server within the U.S. Department of Defense.
Monti represents a relatively new form of ransomware that targets Linux systems, encrypting their files and appending a ".puuuk" extension to them. There have been indications of potential Monti variations that are effective on Windows systems as well.
A critical security vulnerability has recently surfaced, affecting various versions of the Linux kernel. This vulnerability, known as StackRot (CVE-2023-3269), can be exploited with minimal capabilities to compromise the kernel and gain elevated privileges.