Since mid-April 2024, Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks.
Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware. The observed activity begins with impersonation through voice phishing (vishing), followed by delivery of malicious tools, including remote monitoring and management (RMM) tools like ScreenConnect and NetSupport Manager, malware like Qakbot, Cobalt Strike, and ultimately Black Basta ransomware.
Read more…
Source: Microsoft
Related:
- AI Agents are here. So are the threats.
May 1, 2025
Agentic applications are programs that leverage AI agents — software designed to autonomously collect data and take actions toward specific objectives — to drive their functionality. As AI agents are becoming more widely adopted in real-world applications, understanding their security implications is critical. This article investigates ways attackers can target agentic applications, presenting nine concrete attack ...
- Millions of users possibly at risk after Ascension healthcare reveals new data breach, potentially linked to Cl0p ransomware
May 1, 2025
One of the biggest private healthcare systems in the US, Ascension, has notified patients that personally identifiable information (PII) including health data, was stolen in a previously unannounced attack affecting a former business partner in December 2024. The incident follows a previous ransomware attack in May 2024, in which the sensitive data of six million patients, ...
- Harrods becomes latest retailer struck by cyberattack attempts
May 1, 2025
Harrods has become the latest retailer to be targeted by cyberattacks, which have struck Marks and Spencer and The Co-op this week. The luxury department store revealed it has had to take action against similar hacking attempts in recent days. In a statement shared with ITV News, Harrods said: “We recently experienced attempts to gain unauthorised ...
- Email Attacks Drive Record Cybercrime Losses in 2024
May 1, 2025
The FBI’s Internet Crime Complaint Center (IC3) has released its 2024 Internet Crime Report. And it has revealed a record-breaking surge in cybercrime losses across the United States. Last year, total losses reached $16.6 billion, which is a 33% increase from the previous year. Email continues to be the most exploited attack vector, with cybercriminals using ...
- The Co-op fights attempted hack as M&S cyber attack rages on
April 30, 2025
The Co-op has been forced to shut off parts of its IT systems after it was confronted with an attempted hack. The Manchester-headquartered group has confirmed some of its back office and call centre services have been impacted. However, it added that all its stores, including grocery and funeral homes are trading as usual. It comes ...
- Phishing Domains Associated with LabHost PhaaS Platform Users
April 29, 2025
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate 42,000 phishing domains linked to the LabHost phishing-as-a-service (PhaaS) platform between November 2021 and April 2024. Prior to being disabled by law enforcement in April 2024, LabHost was one of the world’s largest PhaaS providers, offering a range of illicit services for approximately ...