top of page
Search
Writer's pictureStormsec

Aggressive Qakbot Campaign and the Black Basta Ransomware Group Targeting U.S. Companies

Cybereason’s global security team is investigating a potentially widespread ransomware campaign run by the Black Basta ransomware group, which is primarily targeting companies in the United States, Canada, Australia and New Zealand.




ADVERSARY: Black Basta



MALWARE FAMILIES: Black Basta, Qbot, Cobalt Strike


ATT&CK IDS: T1049 - System Network Connections Discovery, T1055 - Process Injection, T1218 - Signed Binary Proxy Execution, T1056 - Input Capture, T1036 - Masquerading, T1027 - Obfuscated Files or Information, T1059 - Command and Scripting Interpreter, T1547 - Boot or Logon Autostart Execution, T1471 - Data Encrypted for Impact, T1033 - System Owner/User Discovery, T1047 - Windows Management Instrumentation, T1562 - Impair Defenses, T1490 - Inhibit System Recovery


Read More:

3 views

Comments


Commenting has been turned off.
bottom of page