Malware News Pikabot Malware Surfaces as Qakbot Replacement for Black Basta Attacks

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,602
Content source
https://www.darkreading.com/cyberattacks-data-breaches/pikabot-malware-qakbot-replacement-black-basta-attacks
A threat actor associated with Black Basta ransomware attacks has been wielding a new loader similar to the notoriously hard-to-kill Qakbot, in a widespread phishing campaign aimed at gaining entry to organization networks for further malicious activity.

Tracked as Water Curupira by Trend Micro, the actor is best known for conducting dangerous campaigns to drop backdoors such as Cobalt Strike that ultimately lead to Black Basta ransomware attacks, researchers said in a post published Jan. 9.
Click to expand...
Water Curupira's Pikabot campaigns begin with phishing emails that employ thread-jacking, a technique that uses existing email threads — possibly stolen from previous victims — to create emails that look like they are part of a previous conversation. This increases the likelihood that a victim will think the email is legitimate and engage with the threat actor.

The campaign sends emails using addresses that are created either through new domains or free email services that use names that can be found in original hijacked email threads. The message includes most of the content of the original thread, including the email subject, but also adds a short message on top directing the recipient to open a malicious email attachment.
Click to expand...
 
  • Like
  • +Reputation
Reactions: Xtwillight, Balrog, Gandalf_The_Grey and 3 others

Similar threads

Gandalf_The_Grey
    • Like
Security News Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
Replies
0
Views
1,032
Security News
Gandalf_The_Grey
Gandalf_The_Grey
vtqhtr413
    • +Reputation
    • Hundred Points
    • Like
Security News Black Basta ransomware gang linked to Windows zero-day attacks
Replies
0
Views
1,721
Security News
vtqhtr413
vtqhtr413
Brownie2019
    • Thanks
Malware News Recent Fortinet Vulnerabilities Exploited in ‘SuperBlack’ Ransomware Attacks
Replies
0
Views
576
Security News
Brownie2019
Brownie2019

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top