Tag Archive for: Distributor

Malware distributor Storm-0324 facilitates ransomware access


The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool to send phishing lures through Microsoft Teams chats. This activity is not related to the Midnight Blizzard social engineering campaigns over Teams that we observed beginning in May 2023. Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware.

Storm-0324 (DEV-0324), which overlaps with threat groups tracked by other researchers as TA543 and Sagrid, acts as a distributor in the cybercriminal economy, providing a service to distribute the payloads of other attackers through phishing and exploit kit vectors. Storm-0324’s tactics focus on highly evasive infection chains with payment and invoice lures. The actor is known to distribute the JSSLoader malware, which facilitates access for the ransomware-as-a-service (RaaS) actor Sangria Tempest (ELBRUS, Carbon Spider, FIN7). Previous distribution activity associated with Storm-0324 included the Gozi infostealer and the Nymaim downloader and locker.

In this blog, we provide a comprehensive analysis of Storm-0324 activity, covering their established tools, tactics, and procedures (TTPs) as observed in past campaigns as well as their more recent attacks. To defend against this threat actor, Microsoft customers can use Microsoft 365 Defender to detect Storm-0324 activity and significantly limit the impact of these attacks on networks. Additionally, by using the principle of least privilege, building credential hygiene, and following the other recommendations we provide in this blog, administrators can limit the destructive impact of ransomware even if the attackers can gain initial access.

Historical malware distribution activity

Storm-0324 manages a malware distribution chain and has used exploit kit and email-based…


Reveton ransomware distributor sentenced to six years in prison in the UK – ZDNet

  1. Reveton ransomware distributor sentenced to six years in prison in the UK – ZDNet
  2. Major Ransomware Attacker Jailed In UK – The Mac Observer
  3. British Hacker Jailed for Role in Russian Crime Group – Dark Reading
  4. Prolific London-Based Ransomware Blackmailer Jailed – Silicon UK


StarLink completes APT story by becoming Bit9 distributor in META – AME Info (press release)

Bit9 has stopped the most advanced attacks, including Flame, Gauss, and others that targeted organizations in the META region. Tony Shadrake, Director EMEA at Bit9, said, "StarLink has a very powerful APT story to combat modern malware that


LIGATT Security Signs With North America’s Premier Computer Product Distributor, D & H … – Yahoo Finance

ATLANTA, Oct. 7 /PRNewswire/ — LIGATT Security International (OTC: LGTT.ob), a cyber security company, announced today that they have signed with D & H Distributing, one of the nation’s leading technology distributors. LSI will utilize the …