Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
Three separate threat groups are all using a common initial access broker (IAB) to enable their cyberattacks, according to researchers – a finding that has revealed a tangled web of related attack infrastructure underpinning disparate (and in some cases rival) malware campaigns.

The BlackBerry Research & Intelligence Team has found that the ransomware groups known as MountLocker and Phobos, as well as the StrongPity advanced persistent threat (APT), have all partnered with an IAB threat actor that BlackBerry has dubbed Zebra2104.

IABs compromise the networks of various organizations through exploitation, credential-stuffing, phishing or other means, then establish persistent backdoors to maintain access. Then, they sell that access to the highest bidder on various Dark Web forums. These “customers” will then use that access to carry out follow-on attacks, such as espionage campaigns, botnet infections or ransomware hits. According to BlackBerry, the price for such access ranges from as little as $25 to thousands of dollars to enter large corporations.

“This discovery presented a great opportunity for us to understand the attribution of IABs,” the firm noted in a posting on Friday. “Performing intelligence correlation can help us build a clearer picture of how these disparate threat groups create partnerships and share resources to further enhance their nefarious goals.”

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.