8Base is a group that appeared in 2022 but became much more visible and active in 2023. The group branded themselves as “pen testers” and adopted a multi-extortion model like many other ransomware groups, which involved a data leak site hosted on the Tor network where victims were listed and threatened with data leaks.
“Phobos’ Ransomware-as-a-Service (RaaS) model has made it notably accessible to a range of criminal actors, from individual affiliates to structured criminal groups such as 8Base,” Europol said. “Benefiting from Phobos’s infrastructure, 8Base developed its own variant of the ransomware, using its encryption and delivery mechanisms to tailor attacks for maximum impact.”
8Base hackers primarily used phishing emails for initial compromise, then deployed the SystemBC remote access trojan for persistent access before deploying version 2.9.1 of the Phobos ransomware, which uses SmokeLoader for payload delivery. Over time researchers noticed similarities to RansomHub, another ransomware group.