Infamous ransomware hackers reveal new tool to brute-force VPNs

(Image credit: Photo by Jefferson Santos on Unsplash)

  • Researchers uncovered a brute-forcing tool called BRUTED
  • It was used since 2023 against VPNs and firewalls
  • BRUTED allows for automated brute-force and credential stuffing attacks

The infamous Black Basta ransomware actors created an automated framework for brute-forcing firewalls, VPNs, and other edge networking devices.

The “BRUTED” tool has apparently been in use for years now, according to cybersecurity researchers at EclecticIQ, who have been sifting through the recently leaked Black Basta chat logs, which were uploaded to a GPT for easier analysis.

Besides being used to analyze the group’s structure, organization, and activities, the researchers used it to identify the group’s tools, too. Apparently, BRUTED has been in use since 2023 in large-scale credential stuffing and brute-force attacks. The endpoints being targeted include SonicWall NetExtender, Palo Alto GlobalProtect, Cisco AnyConnect, Fortinet SSL VPN, Citrix NetScaler (Citrix Gateway), Microsoft RDWeb (Remote Desktop Web Access), and WatchGuard SSL VPN.

High confidence often leads to victimization

The tool first identifies potential victims by enumerating subdomains, resolving IP addresses, and prepending prefixes such as “vpn” or “remote”. It then pulls a list of potential login credentials, combines them with locally generated guesses, and executes as many login requests as possible.

To narrow the list down, the researchers said, BRUTED also extracts the Common Name (CN) and Subject Alternative Names (SAN) from the SSL certificates of targeted devices.

Finally, to remain under the radar, BRUTED uses a list of SOCKS5 proxies, although its infrastructure is apparently located in Russia.

To protect against brute-force and credential stuffing attacks, businesses should make sure all their edge devices and VPN instances have strong, unique passwords, consisting of at least eight characters and including uppercase and lowercase letters, numbers, and special characters. They should also enforce multi-factor authentication (MFA) on all possible accounts, and apply the zero-trust network access (ZTNA) philosophy, if possible.

Ultimately, monitoring the network for authentication attempts from unknown locations, as well as for numerous failed login attempts, is a great way to spot attacks.
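As an added illustration (not from the article or the researchers’ report), the following Python example applies the monitoring advice above to constructed VPN authentication log lines, flagging a source that either fails too often or cycles through too many usernames within a short window; the log format, field names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical VPN auth log format (not any
# vendor's real format): one source tries six usernames in six seconds.
SAMPLE_LOG = """\
2025-03-17T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2025-03-17T10:00:02Z src=203.0.113.5 user=bob result=FAIL
2025-03-17T10:00:03Z src=203.0.113.5 user=carol result=FAIL
2025-03-17T10:00:04Z src=203.0.113.5 user=dave result=FAIL
2025-03-17T10:00:05Z src=203.0.113.5 user=erin result=FAIL
2025-03-17T10:00:06Z src=203.0.113.5 user=frank result=FAIL
2025-03-17T10:00:07Z src=198.51.100.9 user=alice result=FAIL
2025-03-17T10:00:40Z src=198.51.100.9 user=alice result=OK
2025-03-17T10:02:00Z src=192.0.2.77 user=alice result=FAIL
2025-03-17T10:07:00Z src=192.0.2.77 user=alice result=FAIL
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")

def parse_log(text):
    """Return (timestamp, src_ip, user, success) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["src"], m["user"], m["result"] == "OK"))
    return events

def detect(events, window=timedelta(minutes=5), max_fails=5, max_users=3):
    """Map src IP -> reason when failures inside one sliding `window` exceed
    max_fails (brute force) or cover more than max_users distinct usernames
    (credential stuffing). Successful logins are not counted."""
    by_src = defaultdict(list)
    for ts, src, user, ok in sorted(events):
        if not ok:
            by_src[src].append((ts, user))
    alerts = {}
    for src, fails in by_src.items():
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # drop failures that fell out of the window
            win = fails[start:end + 1]
            if len(win) > max_fails:
                alerts[src] = "brute-force"
                break
            if len({u for _, u in win}) > max_users:
                alerts[src] = "credential-stuffing"
                break
    return alerts
```

Because the tool routes its requests through SOCKS5 proxies, per-source counts alone can be evaded; the same sliding-window logic should also be run over the aggregate failure rate and over failures per username across all sources.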

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

