Notorious Cyber-Criminal Gang Continues Global Targeting, Reveals Kaspersky

In a new advisory published today, cybersecurity firm Kaspersky has exposed the activities of a notorious cybercriminal gang that has been targeting organizations worldwide across various industries. This alarming revelation sheds light on the group’s sophisticated tactics, including the operation of a backdoor named BUGHATCH, the presence of Russian-speaking members within the group, the discovery of new malware samples attributed to Cuba, and the group’s constantly evolving techniques. This emphasizes the importance for organizations to stay informed and proactive against ransomware.

Description of BUGHATCH Backdoor

One of the group’s most notable tools is the BUGHATCH backdoor, a highly sophisticated malicious software operating in the process memory of infected systems. BUGHATCH connects to a Command-and-Control (C2) server to receive instructions, enabling the cyber criminals to carry out various malicious activities within the compromised systems.

Russian-Speaking Members within the Group

During their investigation, Kaspersky’s researchers discovered references to the “komar” folder, revealing the presence of Russian-speaking members within the cybercriminal gang. “Komar,” which translates to “mosquito” in Russian, suggests a connection to the group’s origins or affiliations.

Enhanced Capabilities of the Malware

The group has continuously enhanced BUGHATCH’s capabilities by incorporating additional modules. One such module is responsible for collecting and sending system information to a server via HTTP POST requests. These enhancements allow the attackers to gather valuable data from compromised systems, ensuring that they can maximize their illicit gains.

Discovery of New Malware Sample from Cuba

Kaspersky has recently uncovered new malware samples attributed to a group known as Cuba. These samples, which managed to evade detection by other security vendors, represent updated versions of the BURNTCIGAR malware. The inclusion of encrypted data within these versions makes them even more difficult to detect and thwart.

Features of BURNTCIGAR Malware

The BURNTCIGAR malware, employed by the Cuba group, operates as a single-file ransomware strain. Its unique characteristic is its ability to function without requiring any additional libraries, making it incredibly challenging for traditional antivirus systems to detect and mitigate.

Targeted Industries and Geographic Reach

The Russian-speaking cybercriminal gang has set its sights on organizations across a wide range of industries, spanning North America, Europe, Oceania, and Asia. Employing both publicly available and proprietary tools, the group showcases its adaptability and determination to target victims worldwide.

Dynamic Nature of the Cuba Group and Their Techniques

Despite being under constant scrutiny by cybersecurity professionals, the Cuba Group remains dynamic, continuously refining their tactics to stay ahead of detection. They employ advanced data encryption methods and execute tailored attacks to extract sensitive information from compromised systems. This agile approach reinforces the need for organizations to remain vigilant and ensure their cybersecurity measures are up to date.

Importance of Staying Informed and Proactive Against Ransomware

Kaspersky’s report serves as a wake-up call to organizations worldwide, highlighting the severity and prevalence of cyber threats, particularly ransomware. To protect sensitive data and vital operations, companies must invest in robust cybersecurity measures, including regular updates and patches, employee awareness training, and the deployment of reputable security solutions. By staying informed and proactive, organizations can effectively safeguard themselves against the ever-evolving tactics of cybercriminal gangs like Cuba.

In conclusion, Kaspersky’s advisory offers valuable insights into the activities of a notorious cybercriminal gang that has been targeting organizations worldwide across various industries. Their use of sophisticated backdoor tools, the presence of Russian-speaking members within the group, the discovery of new and evasive malware samples attributed to Cuba, and their dynamic and constantly evolving techniques serve as a clear warning for organizations to prioritize cybersecurity preparedness. It is imperative for businesses to stay informed about emerging threats, adopt best practices, and maintain robust defenses to protect themselves from the ever-present danger of ransomware.

Explore more

Compliance Drives Regulated B2B Influencer Marketing in 2026

The shifting landscape of digital authority has fundamentally transformed how enterprise-level organizations engage with industry experts and thought leaders across global markets. As the professional world moves deeper into this period of technological saturation, the superficial tactics of the past have been replaced by a rigorous commitment to transparency and legal precision. In earlier years, the simple inclusion of a

Transforming Voice of the Customer Into Predictive Action

Corporate boardrooms often overflow with real-time dashboards and complex analytics, yet many organizations still find themselves blindsided by sudden shifts in customer loyalty and market demand. While the technology to capture feedback has become ubiquitous, the structural ability to interpret and act upon that data in a meaningful timeframe remains remarkably rare for the average enterprise. Most traditional systems are

How Will Databricks CustomerLake Redefine Agentic Marketing?

The ongoing evolution of the digital landscape has forced a radical reconsideration of how enterprises capture, process, and ultimately utilize the vast oceans of consumer data generated every second of the day. Modern marketing departments have long struggled with the paradox of having too much information but not enough actionable insight to drive meaningful consumer interactions in real time. The

How Can Small Banks Compete With Global Financial Giants?

Nikolai Braiden has seen the evolution of financial architecture from its early blockchain roots to the current wave of institutional modernization, and today he joins us to dissect a pivotal shift in venture capital. With BankTech Ventures recently deploying $15 million into AI and stablecoin solutions, the landscape for regional banking is undergoing a profound transformation. Braiden’s perspective as an

Bullski Presale Tops the List of Best Meme Coins for 2026

The current cryptocurrency market in 2026 has transitioned into a highly sophisticated arena where institutional standards and community-driven viral momentum converge to create unique financial opportunities. Investors are no longer satisfied with speculative assets lacking fundamental safeguards, leading to a significant shift toward projects that prioritize technical transparency and structured growth. In this evolving landscape, the Bullski presale has emerged