Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Essential information
- Published: 16/05/2024 09:27
- Modified: 16/05/2024 10:01
- Tags: 2024-05-11 2024-05-16 black basta malware pinkslipbot qakbot qbot quackbot ransomware remote access social engineering vishing
- Related entities: 12 observables, 1 intrusion sets (apt), 12 techniques (mitre), 5 malware
Description
The report describes a recent campaign by the threat actor Storm-1811, a financially motivated cybercriminal group known for deploying Black Basta ransomware. The campaign begins with social engineering tactics like voice phishing (vishing) and email bombing to trick users into granting remote access to their devices through the Windows Quick Assist feature. Once access is gained, the attackers deploy malware like Qakbot, remote monitoring tools like ScreenConnect and NetSupport Manager, and Cobalt Strike beacons, ultimately leading to the deployment of Black Basta ransomware on compromised systems.