Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs

Zebra2104 Initial Access Broker Supports Rival Malware Gangs_ APTs-01

Three different groups use a common access vendor (IAB) to carry out online attacks, according to researchers – findings that have revealed a confusing web of attack infrastructure associated with various (and other competitors) malware campaigns.

The BlackBerry Research & Intelligence team has found that ransomware groups known as MountLocker and Phobos, as well as StrongPity advanced persistent threat (APT), have all collaborated with the IAB threat BlackBerry, which they dubbed Zebra2104.

IABs jeopardize networks of various organizations through exploitation, fragmentation, identity theft or other methods, and establish continuous departments to maintain access. Then, they sell that access to the highest consumer on various Black Web forums. These “clients” will then use that access to launch subsequent attacks, such as spyware, botnet infections, or advanced ransomware. According to BlackBerry, the cost of such access ranges from just under $ 25 to thousands of dollars to get into big companies.

Read More: https://threatpost.com/zebra2104-initial-access-broker-malware-apts/176075/