The cybercriminals behind the infamous TrickBot trojan have signed two additional distribution affiliates, dubbed Hive0106 (aka TA551) and Hive0107 by IBM X-Force. The result? Escalating ransomware hits on corporations, especially using the Conti ransomware.
The development also speaks to the TrickBot gang’s increasing sophistication and standing in the cybercrime underground, IBM researchers said: “This latest development demonstrates the strength of its connections within the cybercriminal ecosystem and its ability to leverage these relationships to expand the number of organizations infected with its malware.”
The TrickBot malware started life as a banking trojan back in 2016, but it quickly evolved to become a modular, full-service threat. It’s capable of a range of backdoor and data-theft functions, can deliver additional payloads, and has the ability to quickly move laterally throughout an enterprise.
Read more…
Source: ThreatPost