Malvertising leveraged to distribute Cactus ransomware

Since last month, the Storm-0216 threat operation, also known as UNC2198 and Twisted Spider, has used malvertising schemes to deploy the Danabot malware for initial system access before distributing Cactus ransomware, reports The Record, a news site by cybersecurity firm Recorded Future. “Danabot collects user credentials and other info that it sends to command and control, followed by lateral movement via Remote Desktop Protocol (RDP) sign-in attempts, eventually leading to a handoff to Storm-0216,”

Source: SC Magazine

 

