Microsoft warns of Cactus ransomware actors using malvertising to infect victims

  • Tuesday, 5th December, 2023
  • 10:22am

Hackers are using malware distributed through online advertisements to infect victims with Cactus ransomware, according to new research.

In a warning published on Friday, researchers at Microsoft said that the ransomware actor behind the campaign — which Microsoft calls Storm-0216 but others refer to as Twisted Spider and UNC2198 — had “received handoffs from Qakbot operators” before that group’s infrastructure was taken down in August by law enforcement. As a result, Storm-0216 has pivoted to using Danabot malware for initial access to victims. More...

« Back