{"id":207827,"date":"2025-03-05T05:13:58","date_gmt":"2025-03-05T11:13:58","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/03\/microsoft-teams-tactics-malware-connect-black-basta-cactus-ransomware"},"modified":"2025-03-05T05:13:58","modified_gmt":"2025-03-05T11:13:58","slug":"microsoft-teams-tactics-malware-connect-black-basta-cactus-ransomware","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/03\/microsoft-teams-tactics-malware-connect-black-basta-cactus-ransomware","title":{"rendered":"Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/microsoft-teams-tactics-malware-connect-black-basta-cactus-ransomware.jpg\"><\/a><\/p>\n<p>New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks.<\/p>\n<p>In January, <a href=\"https:\/\/www.zscaler.com\/blogs\/security-research\/inside-zloader-s-latest-trick-dns-tunneling\" target=\"_blank\" rel=\"nofollow noopener\">Zscaler discovered<\/a> a Zloader malware sample that contained what appeared to be a new DNS tunneling feature. Further <a href=\"https:\/\/medium.com\/walmartglobaltech\/qbot-is-back-connect-2d774052369f\" target=\"_blank\" rel=\"nofollow noopener\">research by Walmart<\/a> indicated that Zloader was dropping a new proxy malware called BackConnect that contained code references to the Qbot (QakBot) malware.<\/p>\n<p>BackConnect is malware that acts as a proxy tool for remote access to compromised servers. BackConnect allows cybercriminals to tunnel traffic, obfuscate their activities, and escalate attacks within a victim\u2019s environment without being detected.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. In January, Zscaler discovered a Zloader malware sample that contained what appeared to be a new DNS tunneling feature. [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-207827","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/207827","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=207827"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/207827\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=207827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=207827"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=207827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}