
Mandiant Reveals Threat Group responsible for Basta Ransomware


A financially motivated hacking group known as UNC4393 has been identified as the primary user of Basta ransomware in an ongoing extortion campaign that began earlier this year. The group, tracked by Google Mandiant, operates at a rapid pace, with a median time to ransom of approximately 42 hours for victims.

UNC4393, also known as UNC2633 and UNC2500, relies on initial access brokers to compromise networks, using phishing emails that deliver QakBot malware. These affiliates are believed to have connections to the Trickbot and Conti groups, which were disrupted by the FBI and other law enforcement agencies, leading UNC4393 to switch to DarkGate malware for initial access.

Once inside a victim’s network, UNC4393 uses open-source reconnaissance tools such as BloodHound, AdFind, and PSnmap to map the network and identify potential targets. The group employs credential theft and brute-forcing to gain access to external-facing servers and appliances. While it initially deployed Basta manually, UNC4393 later switched to Knotrock, a custom .NET utility that allows for faster encryption during large-scale attacks.
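As an added defender-side example (not code from Mandiant or the article), the following Python snippet scans constructed Windows-style process-creation (4688) and failed-logon (4625) records for two behaviours described above: execution of the named reconnaissance tools and a burst of failed authentications against a single host from one source. The log line format, field names and thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Recon tools named in the article, matched case-insensitively in 4688 command lines.
RECON_TOOLS = {"adfind": "AdFind", "psnmap": "PSnmap",
               "sharphound": "BloodHound collector", "bloodhound": "BloodHound"}
# Constructed sample records (not real telemetry): 4688 = process creation with its
# command line, 4625 = failed logon with its source address.
SAMPLE_LOG = """\
2024-05-01T10:02:11Z 4688 host=FS01 user=svc_backup cmd=C:\\tools\\AdFind.exe -f objectcategory=computer
2024-05-01T10:02:40Z 4688 host=WS17 user=jdoe cmd=C:\\Windows\\System32\\notepad.exe
2024-05-01T10:03:05Z 4688 host=FS01 user=svc_backup cmd=powershell.exe -ep bypass .\\PSnmap.ps1 10.0.0.0/24
2024-05-01T10:05:00Z 4625 host=VPN01 user=admin src=203.0.113.5
2024-05-01T10:05:02Z 4625 host=VPN01 user=admin src=203.0.113.5
2024-05-01T10:05:04Z 4625 host=VPN01 user=jsmith src=203.0.113.5
2024-05-01T10:05:06Z 4625 host=VPN01 user=root src=203.0.113.5
2024-05-01T10:05:08Z 4625 host=VPN01 user=backup src=203.0.113.5
2024-05-01T10:30:00Z 4625 host=WS17 user=jdoe src=10.0.5.12
"""
LINE_RE = re.compile(r"^(\S+) (\d+) host=(\S+) user=(\S+) (?:cmd=(.*)|src=(\S+))$")

def parse(log):
    """Yield (timestamp, event_id, host, user, cmd, src) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield (ts, *m.groups()[1:])

def find_recon_tools(log):
    """(host, user, tool) for every process-creation record naming a recon tool."""
    hits = []
    for _, eid, host, user, cmd, _ in parse(log):
        if eid == "4688" and cmd:
            label = next((v for k, v in RECON_TOOLS.items() if k in cmd.lower()), None)
            if label:
                hits.append((host, user, label))
    return hits

def find_bruteforce(log, threshold=5, window=timedelta(minutes=1)):
    """(host, src) pairs with at least `threshold` failed logons inside one window."""
    failures = defaultdict(list)
    for ts, eid, host, _, _, src in parse(log):
        if eid == "4625":
            failures[(host, src)].append(ts)
    flagged = []
    for key, times in failures.items():
        times.sort()  # sliding window over sorted failure timestamps
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            flagged.append(key)
    return flagged
```

Tool-name matching is the cheap first signal; in practice it should be paired with the brute-force and lateral-movement signals so that renamed binaries do not slip through.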

In one instance, researchers observed UNC4393 using a previously dormant malware variant called SilentNight to establish persistence and evade security detection. This resurgence of SilentNight activity, which began earlier this year, involved the use of malvertising as a delivery method, signaling a departure from the group’s previous reliance on phishing for initial access.

Mandiant’s findings highlight UNC4393’s advanced capabilities in reconnaissance, data exfiltration, and actions on target. The group’s use of multiple malware variants and tools indicates a high level of sophistication in its operations. The rapid evolution of its tactics and techniques underscores the need for organizations to stay vigilant and adopt robust cybersecurity measures to protect against such threats.

As UNC4393 continues to target victims with Basta ransomware, it is essential for organizations to enhance their cyber defenses and implement security best practices to mitigate the risk of falling victim to this financially motivated threat group. With the landscape of cybercrime constantly evolving, proactive measures and timely response strategies are crucial in safeguarding sensitive data and preventing financial losses.
