The TrickBot ransomware gang, which developed the Conti ransomware and BazarLoader, has strengthened its distribution arsenal with the inclusion of new affiliates Hive0106, or TA551, and Hive0107, Threatpost reports.
"Earlier this year, [the TrickBot gang] primarily relied on email campaigns delivering Excel documents and a call-center ruse known as BazarCall to deliver its payloads to corporate users. However…the new affiliates have added the use of hijacked email threads and fraudulent website customer-inquiry forms. This move not only increased the volume of its delivery attempts but also diversified delivery methods with the goal of infecting more potential victims than ever," said IBM X-Force researchers.
Conti ransomware attacks have risen since the addition of the new affiliates. Researchers discovered that, since June, Hive0106 has spread TrickBot malware through email thread hijacking, a technique also used by the Emotet ransomware gang, according to the report.
Meanwhile, Hive0107 began distributing TrickBot aimed at organizations in the US, Canada and Europe in May after spreading the IcedID trojan in the first six months of the year.
North Korea's Lazarus Group has leveraged the backdoored PDF reader app SwiftLoader used in the RustBucket campaign to facilitate the deployment of the KANDYKORN macOS malware in a bid to better evade detection, according to The Hacker News.
Major logistics firm DP World Australia has disclosed that a cyberattack that disrupted its operations earlier this month resulted in the theft of limited data from its current and former employees, reports BleepingComputer.