Basta Ransomware Culprits Revealed by Mandiant Investigation

An extortion campaign that began early this year, run by a previously unidentified hacking group, has been characterized as using the Basta ransomware to lock victims out of their files. The campaign was discovered by Google Mandiant, which tracks the group as UNC4393. Since the beginning of the year, UNC4393 has been notorious for infecting targets with the Basta ransomware, but over the past 12 months it has significantly changed how it gains access to its victims.
Previously, the threat group relied almost exclusively on existing Qakbot infections, typically delivered through phishing emails, to gain initial network access. After U.S. law enforcement took down the Qakbot infrastructure last year, the group briefly switched to the DarkGate malware as an initial access loader used to set up a backdoor, before finally turning to SilentNight as the backdoor in this year's attacks.
Mandiant noted, “There are hundreds of victims of the Basta ransomware that are listed on the data leak sites, and this appears to be credible, given UNC4393’s rapid operational speed.” Another notable fact is that the group takes about 42 hours to ransom a single victim. UNC4393 has demonstrated its ability to conduct reconnaissance quickly, exfiltrate data, and promptly complete its objectives.
Besides Silent Night, some othe

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents