Twisted Spider’s Dangerous CACTUS Ransomware Attack

In a sophisticated cyber campaign, the group Twisted Spider, also tracked as Storm-0216, has joined forces with the cybercriminal faction Storm-1044. They target specific endpoints by deploying an initial access trojan known as DanaBot. Twisted Spider then uses this initial access to deploy the CACTUS ransomware.

Recent insights from Microsoft Threat Intelligence on X shed light on Storm-0216’s tactics. Operating under aliases such as Twisted Spider or UNC2198, this ransomware entity employs an advanced banking trojan, DanaBot. This pairing of threats shows the evolving and complex nature of Twisted Spider’s operations.

Additionally, the security researchers highlighted the adaptive tactics of Storm-0216, which was previously recognized for using QakBot’s infrastructure for infections. After law enforcement dismantled that operation last summer, the group was compelled to pivot to a different platform. The latest DanaBot campaign, initially identified in November, indicates a notable shift: unlike the previous malware-as-a-service model, the group appears to be using a private version of the info-stealing malware. Microsoft explained that DanaBot, known for providing hands-on-keyboard activity to its partners, has undergone a transformation in its deployment strategy.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
