Microsoft has warned of a fresh wave of CACTUS ransomware attacks that use malvertising lures to deploy DanaBot as an initial access vector.
The Microsoft Threat Intelligence team stated in a series of tweets on X (previously Twitter) that the DanaBot infections resulted in “hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of CACTUS ransomware.”
Like Emotet, TrickBot, QakBot, and IcedID, DanaBot is a multipurpose tool that can serve as a stealer and as a point of entry for next-stage payloads. The tech giant is tracking DanaBot under the codename Storm-1044.