⇤ ← Revision 1 as of 2022-11-27 12:09:15
403
Comment:
|
← Revision 2 as of 2022-11-27 12:13:01 ⇥
924
|
Deletions are marked like this. | Additions are marked like this. |
Line 11: | Line 11: |
The attack chain commences with a spear-phishing email bearing a malicious disk image file that, when opened, kickstarts the execution of Qbot, which, for its part, connects to a remote server to retrieve the Cobalt Strike payload. |
|
Line 13: | Line 17: |
"In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and move laterally within an organization's network," Cybereason researchers Joakim Kandefelt and Danielle Frankel said in a report shared with The Hacker News. |
Contents
The attack chain commences with a spear-phishing email bearing a malicious disk image file that, when opened, kickstarts the execution of Qbot, which, for its part, connects to a remote server to retrieve the Cobalt Strike payload.
1. history
"In this latest campaign, the Black Basta ransomware gang is using QakBot malware to create an initial point of entry and move laterally within an organization's network," Cybereason researchers Joakim Kandefelt and Danielle Frankel said in a report shared with The Hacker News.