Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Computer Help and Support

Passages

(322 posts) Thu May 16, 2024, 08:30 AM May 16

Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks

May 16, 2024

The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks.

"Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware," the company said in a report published on May 15, 2024.

The attack chain involves the use of impersonation through voice phishing to trick unsuspecting victims into installing remote monitoring and management (RMM) tools, followed by the delivery of QakBot, Cobalt Strike, and ultimately Black Basta ransomware.

"Threat actors misuse Quick Assist features to perform social engineering attacks by pretending, for example, to be a trusted contact like Microsoft technical support or an IT professional from the target user's company to gain initial access to a target device," the tech giant said.

https://thehackernews.com/2024/05/cybercriminals-exploiting-microsofts.html

Reply to this discussion