The TrickBot ransomware gang, which developed the Conti ransomware and BazarLoader, has strengthened its distribution arsenal with the inclusion of new affiliates Hive0106, or TA551, and Hive0107, Threatpost reports.
"Earlier this year, [the TrickBot gang] primarily relied on email campaigns delivering Excel documents and a call-center ruse known as BazarCall to deliver its payloads to corporate users. However…the new affiliates have added the use of hijacked email threads and fraudulent website customer-inquiry forms. This move not only increased the volume of its delivery attempts but also diversified delivery methods with the goal of infecting more potential victims than ever," said IBM X-Force researchers.
Conti ransomware attacks have risen since the addition of the new affiliates. Researchers discovered that since June, Hive0106 has spread TrickBot malware through email thread hijacking, a technique also used by the Emotet ransomware gang, according to the report.
Meanwhile, Hive0107 began distributing TrickBot in May, targeting organizations in the US, Canada and Europe, after spreading the IcedID trojan in the first six months of the year.
New affiliates strengthen TrickBot’s distribution tactics