😷 Researchers Link CACTUS Roaming Tactics to Former Black Basta Affiliates

chushpan

👉 Threat actors deploying the Black Basta and CACTUS ransomware families use the same BackConnect (BC) module to maintain persistent control over infected hosts, suggesting that affiliates previously associated with Black Basta may have migrated to CACTUS.

📰 “Once infiltrated, it provides attackers with a wide range of remote control capabilities, allowing them to execute commands on the infected machine”, Trend Micro said in an analysis published Monday. “This allows them to steal sensitive data such as credentials, financial information, and personal files”.

🗞 It’s worth noting that details of the BC module, which the cybersecurity company is tracking as QBACKCONNECT due to matches with the QakBot loader, were first documented in late January 2025 by both Walmart’s cyber intelligence team and Sophos, the latter of which named the cluster STAC5777.

📌 Over the past year, Black Basta attack chains have increasingly used email bombing tactics to trick potential targets into installing Quick Assist after being contacted by a threat actor posing as IT or technical support staff.
 