top of page

Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies

Cybereason’s global security team is investigating a potentially widespread ransomware campaign run by the Black Basta ransomware group, which is primarily targeting companies in the United States, Canada, Australia and New Zealand.

ADVERSARY: Black Basta

MALWARE FAMILIES: Black Basta, Qbot, Cobalt Strike

ATT&CK IDS: T1049 - System Network Connections Discovery, T1055 - Process Injection, T1218 - Signed Binary Proxy Execution, T1056 - Input Capture, T1036 - Masquerading, T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1547 - Boot or Logon Autostart Execution, T1471 - Data Encrypted for Impact, T1033 - System Owner/User Discovery, T1047 - Windows Management Instrumentation, T1562 - Impair Defenses, T1490 - Inhibit System Recovery

Read More:



Commenting has been turned off.
bottom of page