8Base is a group that appeared in 2022 but became much more visible and active in 2023. The group branded themselves as “pen testers” and adopted a multi-extortion model like many other ransomware groups, which involved a data leak site hosted on the Tor network where victims were listed and threatened with data leaks.
“Phobos’ Ransomware-as-a-Service (RaaS) model has made it significantly accessible to a variety of criminal actors, from individual affiliates to structured criminal groups such as 8Base,” Europol said. “Making the most of Phobos’s infrastructure, 8Base developed its own variant of the ransomware, using its encryption and delivery mechanisms to tailor attacks for optimum impact.”
8Base hackers primarily used phishing emails for initial compromise, then deployed the SystemBC remote access trojan for persistent access before deploying version 2.9.1 of the Phobos ransomware, which uses SmokeLoader for payload delivery. Over time researchers noticed similarities to RansomHub, another ransomware group.