Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module to maintain persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS.
“Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute commands on the infected machine,” Trend Micro said in an analysis published Monday. “This enables them to steal sensitive data, such as login credentials, financial information, and personal files.”
It is worth noting that details of the BC module, which the cybersecurity company tracks as QBACKCONNECT owing to overlaps with the QAKBOT loader, were first documented at the end of January 2025 by both the Walmart Cyber Intelligence team and Sophos, the latter of which assigned the cluster the name STAC5777.
Over the past year, Black Basta attack chains have increasingly leveraged email bombing tactics to trick prospective targets into installing Quick Assist after being approached by the threat actor under the guise of IT support or help desk staff.
The access is then abused to sideload a malicious DLL loader (“winhttp.dll”) dubbed REEDBED via OneDriveStandaloneUpdater.exe, a legitimate executable responsible for updating Microsoft OneDrive. The loader ultimately decrypts and runs the BC module.
Trend Micro said it also observed a CACTUS ransomware attack that used the same modus operandi to deploy BackConnect, but went beyond it to carry out various post-exploitation actions such as lateral movement and data exfiltration. That said, the attempt to encrypt the victim's network was unsuccessful.
The convergence of tactics assumes particular significance in light of the recent Black Basta chat leaks, which exposed the e-crime gang's inner workings and organizational structure.
Specifically, it has emerged that members of the financially motivated crew shared valid credentials, some of which were sourced from information stealer logs. Other known initial access points are Remote Desktop Protocol (RDP) and VPN endpoints.
“The threat actors leverage these tactics, techniques, and procedures (TTPs) – vishing, Quick Assist as a remote access tool, and BackConnect – to deploy Black Basta ransomware,” Trend Micro said.
“Specifically, there is evidence suggesting that members have transitioned from the Black Basta ransomware group to the CACTUS ransomware group. This conclusion is drawn from the analysis of similar tactics, techniques, and procedures (TTPs) being used by the CACTUS group.”