.png)
BOOK THIS SPACE FOR AD
ARTICLE AD
In an aggressive and widespread campaign, Black Basta malware is using Qakabot malware – also referred to as QBot or Pinkslipbot – as its initial vector of compromise, which is an.IMG file. This campaign has targeted 10 to 15 different customers over the last two weeks, with a majority of the focus being on US-based companies.
In a threat advisory published by Cybereason Global SOC (GSOC) on November 23, the threat advisory states that the infection is typically initiated by spam or phishing emails that contain malicious links, with Black Basta mainly using Qakbot to stay active on victims’ networks by deploying malicious URL links as their primary method of spreading the infection.
“The Black Basta ransomware gang is using Qakbot malware to construct an initial point of entry within a target organization’s network, allowing it to move laterally and further infiltrate the network,” according to the report.
There have been several groups that have augmented the functionality of Qakbot with additional modules. These groups have been demonstrated to be useful for information theft, backdoors, and website downloaders. A new method of delivering Qakbot’s malicious payload has been adopted, and it is no longer delivering it using JavaScript. Instead, it uses Visual Basic. SS
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article:
Bengali (Bangladesh) · 
English (United States) ·