Microsoft issues alert on Cactus Ransomware spreading through DanaBOT Ransomware

Microsoft, the prominent American technology giant, has issued a cautionary alert regarding the proliferation of Cactus ransomware attacks disguised as the Danabot malvertising campaign.
The primary goal of this malicious activity is to pilfer sensitive information, including credentials, or serve as a conduit for injecting additional harmful payloads.
The hacking group identified as Storm 0216, previously associated with the dissemination of Qakbot malware, has now been identified as participating in the propagation of the DanaBot Trojan, ultimately leading to the deployment of Cactus Ransomware.
In November of this year, DanaBot was detected infecting online users in Australia and Poland and has since expanded its reach to Italy and neighboring nations, according to research conducted by Cybaze ZLab.
Interestingly, the revelation of DanaBOT aligns with the discovery by security researchers that another cybercriminal group, Artic Wolf, is spreading Cactus ransomware by exploiting a critical vulnerability in the Qlik Business Analytics platform, widely utilized in the corporate realm.
The Microsoft Threat Intelligence teams are actively monitoring cyber threats and their impact on end-users, particularly those using the Windows 11 operating system.
The Cactus criminals have been operating in the shadows since March 2023, demonstrating a proficiency in exploiting vulnerabilities in VPN appliances.
Once infiltrating a connected network, the malware adeptly transforms itself to elude detection by threat monitoring solutions.
Unlike some of its counterparts like LockBit, Cactus ransomware typically demands a ransom amount ranging from $1 million to $3 million, rather than reaching into the double-digit millions.


This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Tue, 05 Dec 2023 06:13:05 +0000


Cyber News related to Microsoft issues alert on Cactus Ransomware spreading through DanaBOT Ransomware

Microsoft issues alert on Cactus Ransomware spreading through DanaBOT Ransomware - Microsoft, the prominent American technology giant, has issued a cautionary alert regarding the proliferation of Cactus ransomware attacks disguised as the Danabot malvertising campaign. The primary goal of this malicious activity is to pilfer ...
11 months ago Cybersecurity-insiders.com
Twisted Spider's Dangerous CACTUS Ransomware Attack - In a sophisticated cyber campaign, the group Twisted Spider, also recognized as Storm-0216, has joined forces with the cybercriminal faction Storm-1044. Employing a strategic method, they target specific endpoints through the deployment of an initial ...
11 months ago Cysecurity.news
Cactus ransomware exploiting Qlik Sense flaws to breach networks - Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks. Qlik Sense supports multiple data sources and allows users to create custom data reports or ...
11 months ago Bleepingcomputer.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
11 months ago Microsoft.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
11 months ago Bleepingcomputer.com
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors - Earlier this year, Mandiant's Managed Defense threat hunting team identified an UNC2975 malicious advertising campaign promoting malicious websites themed around unclaimed funds. In each investigation under this campaign, Mandiant identified browser ...
10 months ago Mandiant.com
Cactus ransomware claim to steal 1.5TB of Schneider Electric data - The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month. 25MB of allegedly stolen were also leaked on the operation's dark web leak site today as proof of the threat actor's ...
8 months ago Bleepingcomputer.com
'Cactus' Ransomware Strikes Schneider Electric - Schneider Electric is a world leader in industrial manufacturing, be it equipment for industrial automation and control systems, building automation, energy storage, and more. According to a press release from the industrial giant, the damage from ...
9 months ago Darkreading.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
9 months ago Unit42.paloaltonetworks.com
The Week in Ransomware - Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to ...
9 months ago Bleepingcomputer.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
10 months ago Feeds.fortinet.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
9 months ago Securityboulevard.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
9 months ago Bleepingcomputer.com
Cold storage giant Americold discloses data breach after April malware attack - Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. Americold employs 17,000 people worldwide and ...
10 months ago Bleepingcomputer.com
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
11 months ago Bleepingcomputer.com
Schneider Electric confirms ransomware attack on sustainability division - French multinational Schneider Electric said its Sustainability Business division suffered from a ransomware attack earlier this month. Schneider Electric said they have confirmed that data was accessed by the hackers. Bleeping Computer, which first ...
9 months ago Therecord.media
Microsoft Alert: New INC Ransomware Targets US Healthcare - Security Boulevard - As per a recent Microsoft alert, a threat actor with malicious financial motives has been observed leveraging a new INC ransomware strain to target the health sector in the United States (US). Given the details in the Microsoft alert, threat ...
1 month ago Securityboulevard.com
Energy giant Schneider Electric hit by Cactus ransomware attack - Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. BleepingComputer has learned that the ransomware attack hit the ...
9 months ago Bleepingcomputer.com
Swedish supermarket chain Coop responds to cyberattack - Coop, one of Sweden's largest supermarket chains, said it is dealing with a cyberattack affecting stores in the county of Värmland. A ransomware gang named Cactus claimed it attacked the company on December 29 and in a statement to Recorded Future ...
10 months ago Therecord.media
Ransomware Groups Gain Clout With False Attack Claims - The cybersecurity community is getting duped by fake breach claims from ransomware groups, experts say - and ransomware misinformation is a threat they predict will only grow in the coming months. The cybersecurity community should know that ...
9 months ago Darkreading.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
10 months ago Helpnetsecurity.com
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
9 months ago Malwarebytes.com
Financially motivated threat actors misusing App Installer - Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme to distribute malware. In ...
10 months ago Microsoft.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
9 months ago Feeds.fortinet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)