Content Category: Intel Diary

Blogs from our RedSense Cyber Threat Intel specialists.

The Evolution of BlackBasta Malware Dissemination

BlackBasta has evolved from relying on botnets like Qbot in 2022 to a hybrid model incorporating advanced social engineering by 2024. Initially influenced by Conti’s methodologies, the group adopted callback phishing and large-scale botnet use. Following the 2023 Qbot takedown, BlackBasta diversified, collaborating with DarkGate and exploiting platforms like Microsoft Teams. By 2024, it integrated targeted phishing and impersonation schemes, blending technical and social tactics. Drawing on post-Conti malware lab influences, BlackBasta has adapted to law enforcement pressures, establishing itself as a leader in ransomware innovation and resilience.

LockBit Story: A Three-Year Investigative Journey

LockBit, until its recent downfall, was a standout in the ransomware-as-a-service (RaaS) landscape, notably enduring the RaaS model crisis that saw the collapse of many other groups between 2021 and 2022. While these competitors faltered, LockBit survived and thrived into early 2024, showcasing remarkable resilience. RedSense’s extensive investigation into LockBit’s durability, grounded in SIGINT, telemetry analysis, forensics, incident reviews, and malware reversal, demystifies its resilience without succumbing to speculation.

Yearly Intel Trend Review

RedSense is excited to present our first “Yearly Intel Trend Review” for 2023! This is a summary review taken from our year-long project: The Ransomware APT White Paper—a 200-page cumulative research covering our five-year insights into ten top-tier ransomware groups serving as the backbone of today’s ransomware economy. The complete White Paper will be available for all RedSense customers in January 2024.

How Law Enforcement Actions Break Down Ransomware (featuring a Black Cat)

Early in the morning on Thursday, December 7th, my team at RedSense and I learned that a federal offensive was taking place against AlphV (aka BlackCat)’s infrastructure and had subsequently downed its servers. I share my personal thoughts on what long-term impacts a Law Enforcement Action (LEA) can have on the threat ecosystem at large.

No Honor Among Thieves

Recently, the RedSense HUNT team has been working to understand how adversaries train their own pentesting teams to infect a victim environment and deploy stealer malware. Our ultimate goal is to educate RedSense partners on what to expect from adversaries.

Based on what we found in instructional videos created by the adversaries themselves, we have made numerous informative discoveries and one which shocked us and proves there really is no honor among thieves.