Stronger RaaS gang, access broker bonds examined

SecurityWeek reports that initial access brokers and ransomware-as-a-service groups have been forging stronger relationships with each other. Gaining an exclusive relationship with access brokers would enable RaaS groups to bolster the efficiency of malware and access delivery to their affiliates, as well as improve the targeting of potential victims, according to Intel 471. Meanwhile, access brokers with an exclusive association with an RaaS group would have better-concealed operations. The report also showed that an active broker dubbed "Jupiter" has been significantly linked to Black Cat, Pysa/Mespinoza, and Avaddon attacks, while "Neptune," another active broker, was found to be involved in attacks related to Pysa/Mespinoza. "It's probable that as initial access advertisements become increasingly common on underground forums, ransomware operators will look to recruit prominent and trustworthy actors to form partnerships with. At the same time, it is likely network access vendors will start to recognize they can save time and effort by making offers directly to highly active ransomware affiliate programs," researchers said.