| Category | Details |
|---|---|
| Threat Actors | Black Basta ransomware group |
| Campaign Overview | Phishing, social engineering (via Microsoft Teams), and malware deployment targeting multiple sectors globally. |
| Target Regions (or Victims) | Healthcare, finance, manufacturing, energy, and national security sectors worldwide. |
| Methodology | Phishing emails, impersonation via Microsoft Teams, remote access tools (e.g., AnyDesk, Quick Assist), malware deployment. |
| Product Targeted | Sensitive data, credentials, organizational systems, financial assets. |
| Malware Reference | Zbot (credential stealing), DarkGate (evasive malware), custom tools for environment-specific targeting. |
| Tools Used | Phishing kits, remote access tools (e.g., TeamViewer), obfuscated malware payloads, SharePoint for delivery. |
| Vulnerabilities Exploited | User Account Control bypass, registry run keys, DNS abuse, MFA bypass via QR codes. |
| TTPs | Process hollowing, keylogging, clipboard monitoring, lateral movement, obfuscation, and data exfiltration. |
| Attribution | Black Basta group, leveraging bespoke tools and advanced evasion tactics. |
| Recommendations | Implement email filtering, MFA, privilege management, user training, EDR solutions, and DNS monitoring. |
| Source | SOCRadar. |
Read the full article: https://socradar.io/black-basta-deploying-zbot-darkgate-bespoke-malware/

The above summary has been generated by an AI language model.