Summary: Recent research highlights connections between the Black Basta and Cactus ransomware gangs, noting shared tactics such as social engineering attacks and the use of BackConnect proxy malware. The investigation indicates that the groups possibly overlap in membership and operational strategies, including similar intrusion techniques. The findings raise questions about whether Cactus may be a rebranding of Black Basta or a result of members migrating between the two gangs.
Affected: Black Basta and Cactus ransomware gangs, corporate networks
Keypoints:
- Both Black Basta and Cactus employ similar social engineering tactics, such as overwhelming potential victims with emails.
- BackConnect malware has been linked to Black Basta and is now utilized by Cactus, indicating potential shared resources or membership.
- The similarities in attack methodologies and tools suggest either a close collaboration or a rebranding effort between the two ransomware gangs.