Microsoft issues alert on Cactus Ransomware spreading through DanaBOT Ransomware

Microsoft, the prominent American technology giant, has issued a cautionary alert regarding the proliferation of Cactus ransomware attacks disguised as the DanaBot malvertising campaign.
The primary goal of this malicious activity is to pilfer sensitive information, including credentials, or serve as a conduit for injecting additional harmful payloads.
The hacking group tracked as Storm-0216, previously associated with the dissemination of Qakbot malware, has now been identified as participating in the propagation of the DanaBot Trojan, ultimately leading to the deployment of Cactus ransomware.
In November of this year, DanaBot was detected infecting online users in Australia and Poland and has since expanded its reach to Italy and neighboring nations, according to research conducted by Cybaze ZLab.
Interestingly, the revelation of DanaBot aligns with the discovery by security researchers that another cybercriminal group, Arctic Wolf, is spreading Cactus ransomware by exploiting a critical vulnerability in the Qlik Business Analytics platform, widely utilized in the corporate realm.
The Microsoft Threat Intelligence teams are actively monitoring cyber threats and their impact on end-users, particularly those using the Windows 11 operating system.
The Cactus criminals have been operating in the shadows since March 2023, demonstrating a proficiency in exploiting vulnerabilities in VPN appliances.
Once it has infiltrated a connected network, the malware adeptly transforms itself to elude detection by threat monitoring solutions.
Unlike some of its counterparts like LockBit, Cactus ransomware typically demands a ransom amount ranging from $1 million to $3 million, rather than reaching into the double-digit millions.


This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Tue, 05 Dec 2023 06:13:05 +0000

