BleepingComputer reports that the BlackCat and Quantum ransomware groups have been using the Emotet botnet to facilitate the delivery of their respective payloads.
While Emotet has typically been part of Conti ransomware's arsenal since the botnet's revival last November, Conti's shutdown in June has prompted BlackCat and Quantum to take the reins. The botnet is now being leveraged to install a Cobalt Strike beacon as a second-stage payload on compromised systems, a report from AdvIntel revealed.
More than 1.2 million systems have already been impacted by Emotet so far this year, with infections peaking between February and March. Following its emergence as a banking trojan eight years ago, Emotet has since been used as a botnet by the TA542 threat group, also known as Mummy Spider.
Amid this increased activity, Emotet transitioned to 64-bit modules in April and was upgraded with a credit card stealer in June.
Operations of California's Solano Partner Libraries and St. Helena, or SPLASH, continue to be interrupted weeks after the county's library network was targeted by a ransomware attack earlier this month, StateScoop reports.
Threat actors could obtain several rootkit-like capabilities by exploiting vulnerabilities in Windows' DOS-to-NT path conversion process, including concealing files and processes and undermining prefetch file analysis, reports The Hacker News.
Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments, according to BleepingComputer. Threat actors have exploited the issue through Microsoft repository-linked URLs to distribute malware made to appear as though it originated from credible entities' official source code repositories.