Since mid-April 2024, Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks.
Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware. The observed activity begins with impersonation through voice phishing (vishing), followed by delivery of malicious tools, including remote monitoring and management (RMM) tools like ScreenConnect and NetSupport Manager, malware like Qakbot, Cobalt Strike, and ultimately Black Basta ransomware.
Read more…
Source: Microsoft
Related:
- Hertz Data Breach Included Credit Card, Personal Data
April 15, 2025
The car-rental company Hertz is warning its customers that a data breach exposed personal information including driver’s licenses, credit-card data, contact information and in some cases social security or passport numbers. The company said that hackers breached Cleo Communications, a company that it works with for file transfers. The company said in a “Notice of Data ...
- Chinese police put 3 U.S. operatives on wanted list over cyberattacks
April 15, 2025
Police authorities in Harbin, in northeast China’s Heilongjiang Province, said on Tuesday that they are pursuing three operatives affiliated with the U.S. National Security Agency (NSA) over suspected cyberattacks against China. The Harbin public security bureau said that the three operatives — Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson — had been ...
- Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
April 14, 2025
Slow Pisces (aka Jade Sleet, TraderTraitor, PUKCHONG) is a North Korean state-sponsored threat group primarily focused on generating revenue for the DPRK regime, typically by targeting large organizations in the cryptocurrency sector. This article analyzes their campaign that we believe is connected to recent cryptocurrency heists. In this campaign, Slow Pisces engaged with cryptocurrency developers on ...
- Password Spray Attacks Taking Advantage of Lax MFA
April 10, 2025
In the first quarter of 2025, Rapid7’s Managed Threat Hunting team observed a significant volume of brute-force password attempts leveraging FastHTTP, a high-performance HTTP server and client library for Go, to automate unauthorized logins via HTTP requests. This rapid volume of credential spraying was primarily designed to discover and compromise accounts not properly secured by multi-factor ...
- Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns
April 9, 2025
Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025. In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated ...
- Hackers to Target Elon Musk For a ‘Full Month’
April 8, 2025
A group of hackers that previously targeted President Donald Trump has pledged to take aim at Elon Musk for the next month. DonRoad Team, which previously claimed responsibility for taking down several Trump-associated websites, announced Monday it would begin hitting sites linked to Elon Musk. Elon Musk has increasing become a target of backlash as a result ...