Stealthy Infostealer Malware Grants Attackers Persistent Control

Stealthy malware provides attackers persistent control. Organizations urged to bolster security measures.

A sophisticated cyber-attack has been uncovered by Trend Micro, involving stealthy infostealer malware that grants attackers persistent control over compromised machines. The attack, which has affected mainly North America, uses social engineering tactics and remote access tools to steal sensitive data.

The attack, which began in October 2024, has been concentrated in the US, Canada, and the UK. It involves the use of OneDriveStandaloneUpdater.exe to sideload malicious DLLs, providing attackers with network access. The malware used is linked to Black Basta and Cactus ransomware actors, who have deployed the same BackConnect malware for remote command execution, credential theft, and financial data exfiltration.
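A defender-side check for the sideloading pattern named above, added here as an example and not taken from Trend Micro's report: it scans Sysmon-style image-load records for OneDriveStandaloneUpdater.exe loading a DLL from outside the locations it would normally use, or running from outside its own install directory. The expected install directories, the trusted system DLL paths and the sample records are assumptions constructed for this example.

```python
import ntpath

# Constructed Sysmon-style image-load records (Event ID 7 field names); not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\helper.dll", "Signed": "true"},
    # Updater copied next to an unsigned DLL in a user-writable folder (constructed case).
    {"Image": r"C:\Users\alice\Downloads\update\OneDriveStandaloneUpdater.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\update\constructed_a.dll", "Signed": "false"},
    # Updater in its normal location, but the DLL comes from a public directory (constructed case).
    {"Image": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe",
     "ImageLoaded": r"C:\Users\Public\constructed_b.dll", "Signed": "false"},
    {"Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"C:\Users\Public\x.dll", "Signed": "false"},
]

UPDATER_NAME = "onedrivestandaloneupdater.exe"
# Assumed directories the updater normally runs from (lower-case suffix match).
EXPECTED_UPDATER_DIRS = (r"\appdata\local\microsoft\onedrive", r"\program files\microsoft onedrive")
# Assumed system directories from which DLL loads are considered expected.
TRUSTED_DLL_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")


def classify(event):
    """Return the reasons an image-load looks like a sideload; an empty list means not flagged."""
    image = event["Image"].lower()
    dll = event["ImageLoaded"].lower()
    if ntpath.basename(image) != UPDATER_NAME:
        return []  # only the sideload host named in the report is in scope here
    reasons = []
    image_dir = ntpath.dirname(image)
    dll_dir = ntpath.dirname(dll)
    if not image_dir.endswith(EXPECTED_UPDATER_DIRS):
        reasons.append("updater running outside its expected install directory")
    dll_in_trusted_dir = dll.startswith(TRUSTED_DLL_PREFIXES) or dll_dir.endswith(EXPECTED_UPDATER_DIRS)
    if not dll_in_trusted_dir:
        reasons.append("DLL loaded from an untrusted directory: " + dll_dir)
    if event.get("Signed", "").lower() != "true":
        reasons.append("loaded DLL is not signed")
    return reasons


def find_sideload_candidates(events):
    """Return the flagged events, each annotated with the reasons it was flagged."""
    return [dict(e, reasons=classify(e)) for e in events if classify(e)]

if __name__ == "__main__":
    for hit in find_sideload_candidates(SAMPLE_EVENTS):
        print(hit["ImageLoaded"], "->", "; ".join(hit["reasons"]))
```

Loads from a trusted system directory or from the updater's own install directory pass; everything else the updater loads is surfaced with the reason, so the same records can be fed to a SIEM rule for the "monitor network traffic" and endpoint-auditing advice given later in the article.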

The BackConnect malware is also linked to QakBot, which previously granted Black Basta ransomware actors access to target systems. Behind the scenes, the actors are believed to be affiliated with organized cybercriminal groups, often linked to Eastern European threat actors. The malware is deployed to maintain control over infected systems, with malicious files hosted on commercial cloud storage services.

Attackers use social engineering techniques to gain initial access, exploiting Microsoft Teams for impersonation and Quick Assist for privilege escalation. Black Basta alone extorted $107m from victims in 2023, with manufacturing being the hardest-hit sector.

To counter such evolving threats, organizations are advised to strengthen authentication measures, restrict remote access tool use, audit cloud storage configurations, monitor network traffic, and educate employees on social engineering tactics. Despite the QakBot takedown, the persistent nature of these attacks underscores the importance of robust cybersecurity measures.
