Cybereason researchers identified widespread Qakbot (QBot or Pinkslipbot) campaigns targeting U.S.-based companies. These recent campaigns are the work of the Black Basta ransomware gang.
The Black Basta gang has been dispersing malicious URL links or disk image files using spam or phishing emails since mid-November. These URLs or files distribute Qakbot to establish a first point of entry and maintain a presence on the networks of victims. During the compromise, Cobalt Strike is being used to remotely acquire domain administrator rights. Threat actors are aggressively using Qakbot as malware that provides access as a service, as evidenced by these most recent campaigns with modifications.
Also Read: Strengthening Enterprise Cybersecurity to Combat Rising Cyber Attacks
Such connections between significant threat actors also show that the assailants are actively working to hone their strategies and effectiveness.
Read More: Black Basta and Qakbot Join Hands to Attack U.S. Companies
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.