Last Updated on 22/11/2021 by Nidhi Khandelwal
Zebra2104 provides initial access to the ransomware groups MountLocker and Phobos, as well as the StrongPity APT, according to BlackBerry Research & Intelligence.
The broker has aided crooks in breaking into the networks of several Australian and Turkish companies.
The StrongPity APT targeted Turkish healthcare companies as well as smaller enterprises using access from this broker.
The researchers uncovered a single unusual domain linked to multiple ransomware attacks as well as a C2 server tied to the APT group.
Further investigation showed that the domain resolved to IPs provided by the same Bulgarian ASN (Neterra LTD).
An initial access broker (IAB) usually acquires access to a victim’s network by exploiting vulnerabilities, sending phishing emails, and other methods.
After obtaining login credentials, they advertise them in underground forums, offering their wares to potential purchasers.
Access costs anywhere from $25 to several thousand dollars.
Many IAB fees are calculated based on the victim organization’s annual revenue.
Furthermore, IABs frequently implement a bidding structure that allows the highest-paying attackers to install malware of their choice.
The study shows how hacking is maturing into a real-world enterprise business, with many ransomware gangs and APTs relying on the services of a single IAB. Furthermore, analysts believe that such partnerships will become more prevalent in the near future.