Cybereason’s global security team is investigating a potentially widespread ransomware campaign run by the Black Basta ransomware group, which is primarily targeting companies in the United States, Canada, Australia and New Zealand.
ADVERSARY: Black Basta
TARGETED COUNTRIES: New Zealand, Australia, United Kingdom of Great Britain and Northern Ireland, Canada, United States of America
MALWARE FAMILIES: Black Basta, Qbot, Cobalt Strike
ATT&CK IDS: T1049 - System Network Connections Discovery, T1055 - Process Injection, T1218 - Signed Binary Proxy Execution, T1056 - Input Capture, T1036 - Masquerading, T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1547 - Boot or Logon Autostart Execution, T1471 - Data Encrypted for Impact, T1033 - System Owner/User Discovery, T1047 - Windows Management Instrumentation, T1562 - Impair Defenses, T1490 - Inhibit System Recovery
Read More:
Comments