Threat Actor Provided APT and Ransomware Gangs Initial Access to Australian Businesses, according to BlackBerry Report

A recent report from security researchers at Blackberry has discovered an initial access broker, identified as Zebra2104, with links to cyber criminal groups and advanced persistent threat (APT) actors involved in ransomware and phishing activities. The report notes that after Zebra2104 gained initial access to a victim’s device or network and established a reliable backdoor into the network. The actor then advertised their access to these compromised systems on the Dark Web. Zebra2104 provided access to ransomware groups such as MountLocker and Phobos as well as the StrongPity APT. The victim companies were mostly in Australia and Turkey. According to the Blackberry researchers, “the interlinking web of malicious infrastructure seen throughout this research has shown that, in a manner that mirrors the legitimate business world, cybercrime groups are in some cases run not unlike multinational organizations… it is safe to assume that these threat group “business partnerships” are going to become even more prevalent in [the] future.” Read the full report here or access a relevant article at Zdnet.