The TrickBot ransomware group, which also created BazarLoader and the Conti ransomware, has just upped its distribution tactics to become more of a threat. The cybercriminals behind the TrickBot Trojan have signed two additional distribution affiliates, named Hive0106 and Hive0107 by IBM X-Force. As a result, ransomware attacks on corporations, especially attacks using the Conti ransomware, will escalate. The development also proves TrickBot’s increasing standing and reputation in the cybercrime underground. TrickBot began as a banking trojan back in 2016, but it has since developed into a modular, full-service threat capable of a range of backdoor and data theft functions. It can also move laterally throughout an enterprise and deliver payloads.
According to IBM, the new distribution tactics are powerful and pose an even higher threat to targets. TrickBot is likely looking to increase the success rate of its attacks following an email campaign earlier this year in which the group sent Excel documents to deliver payloads to corporate users. The new affiliates add the use of hijacked email threads and fraudulent website customer inquiry forms, which may increase both the volume of delivery attempts and their success rate.
Read More: TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates