Recent findings indicate that threat actors using the Black Basta and CACTUS ransomware families rely on a shared BackConnect module to maintain control over compromised hosts. Trend Micro's analysis shows that this module lets attackers steal sensitive data after they gain initial access through tactics such as email bombing. Both ransomware groups show similar tradecraft, including the deployment of malicious loaders for data exfiltration. The overlap underscores the significance of the leaked Black Basta chat logs, which reveal the organizational dynamics of these financially motivated cybercriminals.
"Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute commands on the infected machine. This enables them to steal sensitive data, such as login credentials, financial information, and personal files."
"Trend Micro observed a CACTUS ransomware attack that employed the same modus operandi to deploy BackConnect, but also went beyond it to carry out various post-exploitation actions like lateral movement and data exfiltration."