Microsoft warns of Cactus ransomware actors using malvertising to infect victims
- Tuesday, 5th December, 2023
Hackers are using malware distributed through online advertisements to infect victims with Cactus ransomware, according to new research.
In a warning published on Friday, researchers at Microsoft said that the ransomware actor behind the campaign — which Microsoft calls Storm-0216 but others refer to as Twisted Spider and UNC2198 — had “received handoffs from Qakbot operators” before that group’s infrastructure was taken down in August by law enforcement. As a result, Storm-0216 has pivoted to using Danabot malware for initial access to victims. More...