Press ESC to close

Black Basta’s Tactical Evolution: Deploying Zbot, DarkGate, and Bespoke Malware

Category Details
Threat Actors Black Basta ransomware group
Campaign Overview Phishing, social engineering (via Microsoft Teams), and malware deployment targeting multiple sectors globally.
Target Regions (Or Victims) Healthcare, finance, manufacturing, energy, national security sectors worldwide.
Methodology Phishing emails, impersonation via Microsoft Teams, remote access tools (e.g., AnyDesk, QuickAssist), malware deployment.
Product Targeted Sensitive data, credentials, organizational systems, financial assets.
Malware Reference Zbot (credential stealing), DarkGate (evasive malware), custom tools for environment-specific targeting.
Tools Used Phishing kits, remote access tools (e.g., TeamViewer), obfuscated malware payloads, SharePoint for delivery.
Vulnerabilities Exploited User account control bypass, registry run keys, DNS abuse, MFA bypass via QR codes.
TTPs Process hollowing, keylogging, clipboard monitoring, lateral movement, obfuscation, and data exfiltration.
Attribution Black Basta group, leveraging bespoke tools and advanced evasion tactics.
Recommendations Implement email filtering, MFA, privilege management, user training, EDR solutions, and DNS monitoring.
Source SOCRadar.

Read full article : https://socradar.io/black-basta-deploying-zbot-darkgate-bespoke-malware/

The above summary has been generated by an AI language model

Stay Updated with Our Newsletter

Source: SOCRadar

Published on: January 7, 2025

Related posts:

BLACK BASTA : RANSOMWARE Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight Qilin Ransomware: What You Need To Know The State of Cloud Ransomware in 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Updated with Our Newsletter

Filter Posts by Date

Explore Topics