CyberSecurity news

Source: Secure Bulletin (securebulletin.com)
New research indicates a connection between the Black Basta and Cactus ransomware gangs, with both groups employing similar social engineering attacks and the BackConnect proxy malware to gain persistent access to corporate networks. Trend Micro researchers have highlighted how both ransomware groups utilize the BackConnect (BC) module to maintain control over infected hosts and exfiltrate sensitive data. The use of QBACKCONNECT suggests a close working relationship between Black Basta and the QakBot developers.

The BackConnect module, tracked as QBACKCONNECT because of its overlaps with the QakBot loader, gives attackers a wide range of remote-control capabilities: they can execute commands and steal sensitive data such as login credentials, financial information, and personal files. Researchers observed a CACTUS ransomware attack that mirrored Black Basta's method of deploying BackConnect but extended the operation to include lateral movement and data exfiltration.

References:
  • The Hacker News: Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
  • www.bleepingcomputer.com: Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware
  • Virus Bulletin: Trend Micro researchers discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines.
  • bsky.app: New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks.
  • Secure Bulletin: Black Basta and CACTUS ransomware: shared BackConnect module signals affiliate transition
Classification:
  • HashTags: #Ransomware #BackConnect #BlackBasta
  • Company: Trend Micro, BleepingComputer
  • Target: Corporations
  • Attacker: Black Basta, Cactus
  • Product: BackConnect
  • Feature: BackConnect
  • Malware: BackConnect
  • Type: Ransomware
  • Severity: Major