Differences between revisions 1 and 2
Revision 1 as of 2022-11-27 12:09:15
Size: 403
Comment:
Revision 2 as of 2022-11-27 12:13:01
Size: 924
Comment:
Deletions are marked like this. Additions are marked like this.
Line 11: Line 11:


The attack chain commences with a spear-phishing email bearing a malicious disk image file that, when opened, kickstarts the execution of Qbot, which, for its part, connects to a remote server to retrieve the Cobalt Strike payload.
Line 13: Line 17:
"In this latest campaign, the Black Basta ransomware gang is using QakBot malware
to create an initial point of entry and move laterally within an organization's network,"
Cybereason researchers Joakim Kandefelt and Danielle Frankel said in a report shared with The Hacker News.

Contents

  1. history
Black Basta Ransomware Gang Actively Infiltrating U.S. Companies with Qakbot Malware November 24, 2022Ravie Lakshmanan https://thehackernews.com/2022/11/black-basta-ransomware-gang-actively.html

The attack chain commences with a spear-phishing email bearing a malicious disk image file that, when opened, kickstarts the execution of Qbot, which, for its part, connects to a remote server to retrieve the Cobalt Strike payload.

1. history

"In this latest campaign, the Black Basta ransomware gang is using QakBot malware 
to create an initial point of entry and move laterally within an organization's network," 
Cybereason researchers Joakim Kandefelt and Danielle Frankel said in a report shared with The Hacker News.


CategoryDns CategoryWatch CategoryTemplate

MoinQ: Security/ransomware/Oakbot (last edited 2022-11-27 12:13:01 by ToshinoriMaeno)