Microsoft’s Threat Intelligence team has identified a concerning trend involving the cybercriminal group Storm-1811, which is exploiting Quick Assist, a Microsoft client management tool, for intricate social engineering attacks. Storm-1811, known for its association with Black Basta ransomware, has devised a sophisticated attack chain. Beginning with voice phishing, they trick victims into installing remote monitoring tools like QakBot and Cobalt Strike, ultimately leading to ransomware deployment.
These attacks involve impersonating trusted entities, such as Microsoft technical support or IT professionals, to gain initial access to target devices. Furthermore, the perpetrators employ link listing attacks, inundating victims’ inboxes with subscribed content to lend an air of legitimacy to their schemes. Once access is granted, Storm-1811 executes scripted commands to download malicious payloads, enabling further infiltration and ultimately deploying Black Basta ransomware across networks.
To combat this growing threat, Microsoft emphasizes the importance of vigilance and awareness among users. They recommend proactive measures such as blocking or uninstalling unused remote management tools and providing comprehensive employee training to identify and thwart tech support scams. Given the evolving landscape of ransomware attacks, addressing these vulnerabilities becomes paramount to safeguarding against potential breaches and mitigating their impact.
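The recommendation to block or uninstall unused remote management tools can be checked per host. The script below is an added example, not taken from Microsoft's guidance or from this article: it reports whether Quick Assist is present and removes it only when asked. The `-Remove` switch is a name chosen for this example, and the package and capability identifiers are assumptions to confirm against your Windows build.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and optionally remove) Quick Assist on one Windows host.
[CmdletBinding()]
param(
    # Hypothetical switch for this example; without it the script only reports.
    [switch]$Remove
)

# Assumed identifiers (not from the article): Quick Assist ships either as a
# Store (Appx) package or, on older builds, as a Windows optional capability.
$appxName       = 'MicrosoftCorporationII.QuickAssist'
$capabilityName = 'App.Support.QuickAssist~~~~0.0.1.0'

# Per-user installs, the provisioned copy that new profiles receive,
# and the legacy capability are three separate places to check.
$installed   = @(Get-AppxPackage -AllUsers -Name $appxName)
$provisioned = @(Get-AppxProvisionedPackage -Online |
                 Where-Object DisplayName -eq $appxName)
$capability  = Get-WindowsCapability -Online -Name $capabilityName

# Emit one record per host so results can be collected centrally.
[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    InstalledPackages = $installed.Count
    Provisioned       = [bool]$provisioned.Count
    LegacyCapability  = [string]$capability.State
}

if ($Remove) {
    foreach ($pkg in $installed) {
        Remove-AppxPackage -Package $pkg.PackageFullName -AllUsers
    }
    # Removing the provisioned copy stops it from returning for new profiles.
    foreach ($pkg in $provisioned) {
        Remove-AppxProvisionedPackage -Online -PackageName $pkg.PackageName | Out-Null
    }
    if ($capability.State -eq 'Installed') {
        Remove-WindowsCapability -Online -Name $capabilityName | Out-Null
    }
}
```

Run it without `-Remove` first to inventory where Quick Assist is present, and remove it only on hosts where the help desk does not rely on it.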