CACTUS Ransomware spikes in targeted networks thanks to malicious ads
[QUOTE="Brianwill, post: 911, member: 15"]
The Twisted Spider group actively uses the DanaBot Trojan as a delivery channel for dangerous malware.

Microsoft has announced a new wave of CACTUS ransomware attacks that use malicious advertising to deploy the DanaBot tool as an initial access vector.

Just a few days ago, Arctic Wolf already considered a similar campaign that exploits vulnerabilities in the Qlik Sense business intelligence platform to penetrate target environments and infect them with the CACTUS ransomware, but there are more differences between these cyber incidents than it may seem at first glance.

Microsoft Threat Intelligence experts note that infections with the DanaBot malware, a multifunctional tool that can act as an infostealer and backdoor, led to active actions on the part of the hackers Storm-0216 (Twisted Spider, UNC2198). As a result, this led to the spread of the CACTUS ransomware, which the company reported in a series of publications on the banned platform.

DanaBot is similar in many ways to tools like Emotet, TrickBot, QakBot, and IcedID. Moreover, the Storm-0216 group has previously been seen using IcedID to deploy ransomware families such as Maze and Egregor, as Mandiant detailed in February 2021.

According to Microsoft, in the reviewed campaign the attackers also initially used initial access provided by QakBot. The operational transition to DanaBot is likely related to a coordinated law enforcement operation in August 2023 that resulted in the elimination of the QakBot infrastructure.

The credentials collected using DanaBot are usually transmitted to the attackers' server, followed by lateral movement via RDP and then data encryption.

The new wave of cyber attacks by the Storm-0216 group demonstrates the continued ingenuity of attackers in circumventing security measures and using new tools such as DanaBot. Companies need to regularly update their security systems and monitor the latest threats to protect their data.

Vigilance and a proactive approach to cybersecurity are the only reliable way to counter the increasingly sophisticated attacks of cybercriminals.
[/QUOTE]
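The post's kill chain ends with "lateral movement via RDP, followed by data encryption". The one part of that chain a defender can see in ordinary Windows telemetry is the RDP hop: a single source host opening interactive RDP sessions to many different servers in a short window, which a stolen credential being replayed across the estate looks like and a normal admin session usually does not. The following is an added example, not code from the original post or from Microsoft's or Arctic Wolf's reporting. It runs over constructed Security log records modelled on Event ID 4624 with LogonType 10 (RemoteInteractive, i.e. an RDP logon); the pipe-delimited line format, host names, user names, the 15-minute window and the fan-out threshold of 4 are all assumptions chosen for the example.

```python
"""Flag RDP fan-out that looks like post-credential-theft lateral movement.

Added example (not from the original post). Input lines are constructed
records in the shape  timestamp|event_id|logon_type|user|src_host|dst_host,
mirroring the fields of a Windows Security 4624 event: the logging Computer
is the target, WorkstationName/IpAddress is the source. In a real pipeline
these fields come from the target host's Security log or a SIEM export.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 'alice' doing routine work from a jump host over a day,
# and a compromised finance workstation replaying the 'svc_backup' account
# against five servers in under ten minutes. Not real data.
SAMPLE_EVENTS = [
    "2023-11-20T09:01:12Z|4624|10|alice|JUMP01|FS01",
    "2023-11-20T11:47:03Z|4624|10|alice|JUMP01|DC01",
    "2023-11-20T14:20:45Z|4624|10|alice|JUMP01|FS01",
    "2023-11-21T02:03:10Z|4624|3|svc_backup|WS-FIN-07|FS01",   # network logon, not RDP
    "2023-11-21T02:04:22Z|4624|10|svc_backup|WS-FIN-07|FS01",
    "2023-11-21T02:05:40Z|4624|10|svc_backup|WS-FIN-07|FS02",
    "2023-11-21T02:07:15Z|4624|10|svc_backup|WS-FIN-07|SQL01",
    "2023-11-21T02:09:58Z|4624|10|svc_backup|WS-FIN-07|DC01",
    "2023-11-21T02:12:31Z|4624|10|svc_backup|WS-FIN-07|APP03",
    "2023-11-21T08:15:00Z|4624|10|bob|WS-HR-02|FS01",
]

LOGON_EVENT_ID = "4624"       # successful logon
RDP_LOGON_TYPE = "10"         # RemoteInteractive (RDP / Terminal Services)
FAN_OUT_THRESHOLD = 4         # distinct targets per window; assumed tuning value
WINDOW = timedelta(minutes=15)  # assumed tuning value


def parse_event(line):
    """Split one constructed record into a dict with a real datetime."""
    ts, event_id, logon_type, user, src, dst = line.strip().split("|")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "event_id": event_id,
        "logon_type": logon_type,
        "user": user,
        "src": src,
        "dst": dst,
    }


def find_rdp_fanout(lines, threshold=FAN_OUT_THRESHOLD, window=WINDOW):
    """Return {(src_host, user): sorted targets} for every actor that reached
    at least `threshold` distinct hosts over RDP inside any `window`."""
    events = [
        e for e in (parse_event(l) for l in lines)
        if e["event_id"] == LOGON_EVENT_ID and e["logon_type"] == RDP_LOGON_TYPE
    ]
    by_actor = defaultdict(list)
    for e in events:
        by_actor[(e["src"], e["user"])].append(e)

    hits = {}
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        # Sliding window anchored at each logon: collect distinct targets
        # reached within `window` of that logon and stop at the first hit.
        for i, start in enumerate(evs):
            targets = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(targets) >= threshold:
                hits[actor] = sorted(targets)
                break
    return hits


if __name__ == "__main__":
    for (src, user), targets in find_rdp_fanout(SAMPLE_EVENTS).items():
        print(f"RDP fan-out from {src} as {user}: {', '.join(targets)}")
```

Run stand-alone it reports only `WS-FIN-07` as `svc_backup`; the type 3 network logon from the same host is ignored because it is not an RDP session, and `alice`'s three logons over five hours never put two targets in one window. Tune the window and threshold to your own environment before relying on it, and treat a hit as a lead for pulling the source host's process and network history rather than as a verdict on its own.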