OODA Loop – Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
Microsoft has warned about a revival of CACTUS ransomware attacks spread through malicious advertising lures and likely initiated by UNC2198. UNC2198 is deploying the DanaBot malware, which can steal credentials and serve as an entry point for further malware. DanaBot replaced QakBot after law enforcement dismantled QakBot’s infrastructure in August 2023.