Multiple Ransomware gangs were found to have access to Zebra2104

Last Updated on 22/11/2021 by Nidhi Khandelwal

Zebra2104 gives initial access to ransomware organisations MountLocker and Phobos, as well as the StrongPity APT, according to BlackBerry Research & Intelligence.

The broker has aided crooks in breaking into the networks of several Australian and Turkish companies.

The StrongPity APT targeted Turkish healthcare companies as well as smaller enterprises with access from this broker.

The researchers uncovered a single, unusual domain related to many ransomware attacks as well as a C2 server tied to the APT group.

Further investigation showed that the domain resolved to IPs provided by the same Bulgarian ASN (Neterra LTD).

An initial access broker (IAB) usually acquires access to a victim’s network by exploiting weaknesses, sending phishing emails, and other methods.

After obtaining login credentials, they list them on underground forums, offering their wares to potential purchasers.

Access costs anywhere from $25 to several thousand dollars.

Many IAB fees are calculated depending on the victim organization’s annual revenue.

Furthermore, IABs frequently implement a bidding structure that allows the highest-paying attackers to install malware of their choice.

The study shows how hackers are growing into a real-world enterprise business, with many ransomware gangs and APTs relying on the services of a single IAB. Furthermore, analysts believe that such partnerships will become more prevalent in the near future.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.