Security News > 2021 > November > Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs

Three separate threat groups are all using a common initial access broker to enable their cyberattacks, according to researchers - a finding that has revealed a tangled web of related attack infrastructure underpinning disparate malware campaigns.

The BlackBerry Research & Intelligence Team has found that the ransomware groups known as MountLocker and Phobos, as well as the StrongPity advanced persistent threat, have all partnered with an IAB threat actor that BlackBerry has dubbed Zebra2104.

The use of a common infrastructure to support so many disparate activities raised questions for the BlackBerry team, starting with the rival ransomware offerings.

"We concluded that this was not the work of the three groups together, but of a fourth player; an IAB we dubbed Zebra2104, which provided the initial access into victim environments."

It's likely that Zebra2104 props up many more cyberattack groups than those involved in this initial investigation, especially given that pulling on additional threads of the infrastructure revealed a tangled and widespread apparatus.

"There is undoubtedly a veritable cornucopia of threat groups working in cahootsIf anything, it is safe to assume that these threat group 'business partnerships' are going to become even more prevalent in future."

News URL

https://threatpost.com/zebra2104-initial-access-broker-malware-apts/176075/