BlackBerry report highlights initial access broker providing entry to StrongPity APT, MountLocker and Phobos ransomware gangs

A new report from BlackBerry has uncovered an initial access broker called “Zebra2104” that has connections to three malicious cybercriminal groups, some of which are involved in ransomware and phishing. 

The BlackBerry Research & Intelligence team found that Zebra2104 provided entry points to ransomware groups like MountLocker and Phobos as well as the StrongPity APT. The access provided was to a number of companies in Australia and Turkey that had been compromised.

The StrongPity APT targeted Turkish businesses in the healthcare space as well as smaller companies. BlackBerry said that from their research, they believe the access broker “has a lot of manpower or they’ve set up some large ‘hidden in plain sight’ traps across the internet.”

The report said the team's investigation led them to believe that the MountLocker ransomware group had been working with StrongPity, an APT group dating back to 2012 that some have alleged is a Turkish state-sponsored group.

Countries attacked by StrongPity.


“While it might seem implausible for criminal groups to be sharing resources, we found these groups had a connection that is enabled by a fourth; a threat actor we have dubbed Zebra2104, which we believe to be an Initial Access Broker (IAB). There is undoubtedly a veritable

