Ransomware, Threat Management

Emotet botnet leveraged by BlackCat, Quantum ransomware gangs

BleepingComputer reports that the BlackCat and Quantum ransomware groups have been using the Emotet botnet to facilitate the delivery of their respective payloads. While Emotet has typically been part of Conti ransomware's arsenal since its revival last November, the ransomware group's shutdown in June has prompted BlackCat and Quantum to take the reins, with the botnet now being leveraged to enable the installation of a Cobalt Strike beacon as a second-stage payload on compromised systems, a report from AdvIntel revealed. More than 1.2 million systems have already been impacted by Emotet so far this year, with infections peaking between February and March. Following its emergence as a banking trojan eight years ago, Emotet has since been used as a botnet by the TA542 threat group, also known as Mummy Spider. Increasing activity has prompted Emotet to transition to 64-bit modules in April before being upgraded to include a credit card stealer in June.

Related

Rootkit capabilities likely with Windows bugs

Several rootkit-like capabilities could be obtained by threat actors through the exploitation of vulnerabilities in Windows' DOS-to-NT path conversion process, including file and process concealment and compromised prefetch file analysis, reports The Hacker News.

Abusing GitHub flaw could compromise GitLab

Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments that has been exploited by threat actors through Microsoft repository-linked URLs to facilitate the distribution of malware that was made to seem to originate from credible entities' official source code repositories, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.