
Black Basta’s Tactical Evolution: Deploying Zbot, DarkGate, and Bespoke Malware

Category: Details

Threat Actors: Black Basta ransomware group.
Campaign Overview: Phishing, social engineering (via Microsoft Teams), and malware deployment targeting multiple sectors globally.
Targets (Regions / Victims): Healthcare, finance, manufacturing, energy, and national security sectors worldwide.
Methodology: Phishing emails, impersonation via Microsoft Teams, remote access tools (e.g., AnyDesk, QuickAssist), and malware deployment.
Product Targeted: Sensitive data, credentials, organizational systems, and financial assets.
Malware Reference: Zbot (credential stealing), DarkGate (evasive malware), and custom tools for environment-specific targeting.
Tools Used: Phishing kits, remote access tools (e.g., TeamViewer), obfuscated malware payloads, and SharePoint for delivery.
Vulnerabilities Exploited: User Account Control bypass, registry run keys, DNS abuse, and MFA bypass via QR codes.
TTPs: Process hollowing, keylogging, clipboard monitoring, lateral movement, obfuscation, and data exfiltration.
Attribution: Black Basta group, leveraging bespoke tools and advanced evasion tactics.
Recommendations: Implement email filtering, MFA, privilege management, user training, EDR solutions, and DNS monitoring.
Source: SOCRadar.

Read full article : https://socradar.io/black-basta-deploying-zbot-darkgate-bespoke-malware/

The above summary has been generated by an AI language model


Source: SOCRadar

Published on: January 7, 2025
