BlackBerry Discovers Initial Access Broker Linked to 3 Different Hacker Groups


The latest report from BlackBerry revealed an initial access broker termed "Zebra2104" that has links with three harmful cybercriminal groups, a few of which are involved in phishing campaigns and ransomware attacks. The Research and Intelligence team at BlackBerry discovered that Zebra2104 gave entry points to ransomware groups such as MountLocker and Phobos, and to the StrongPity APT.

The access was given to various organizations in Australia and Turkey which fell victim to the attacks. The StrongPity APT attacked Turkish firms in the healthcare sector, and also targeted smaller enterprises. According to BlackBerry, its research suggests either an access broker with a lot of manpower or actors who might have built large hidden traps on the web.

The report also says an inquiry confirmed that the MountLocker ransomware was working alongside StrongPity, an allegedly Turkish state-sponsored APT group that dates back to 2012. It might be hard to believe that criminal groups are sharing resources, but the experts have found a common link, enabled by a fourth criminal group termed Zebra2104, which they believe to be an Initial Access Broker (IAB). According to the experts, there are many more hacking groups working together than are mentioned in this article.

A single domain led the experts down a path where they discovered various ransomware attacks and an APT C2 (command and control). The path turned out to be the infrastructure of an IAB, Zebra2104. IABs generally provide access to the top bidders on dark web platforms and underground forums. The winning bidder then deploys ransomware or other malware in the target organization's systems, depending on the goals of the attack.

"A few of the domains had been involved in a phishing campaign that went after state government departments in Australia as well as real estate companies there in September 2020. With the help of other Microsoft reports, the researchers were able to trace the campaigns further to an indicator of compromise of a MountLocker intrusion," reports ZD Net.