Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A resurgence of activity related to the Black Basta ransomware campaign has been observed since early October. The threat actors have refined their tactics, introducing new malware payloads, improved delivery methods, and enhanced defense evasion techniques. The attacks begin with email bombing of target users, followed by social engineering attempts via Microsoft Teams. Operators impersonate IT staff and trick users into installing remote management tools. Once access is gained, they deploy credential harvesters, Zbot, DarkGate, and custom malware. The campaign has been linked to Black Basta ransomware deployments in the past, highlighting its serious nature. The attackers continue to update their strategies and tools rapidly, demonstrating sophisticated and persistent threat behavior.
OPENCTI LABELS :
ransomware,darkgate,blackbasta,zbot
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware