DarkGate: Opening Gates for Financially Motivated Threat Actors


Executive Summary 


EclecticIQ analysts observed that cybercriminals increased the delivery of the DarkGate loader following the FBI's takedown of Qakbot infrastructure in August 2023 [1]. EclecticIQ analysts assess with high confidence that financially motivated threat actors, including groups like TA577 and Ducktail, along with Ransomware-as-a-Service (RaaS) organizations such as BianLian and Black Basta, primarily use DarkGate. These threat actors target financial institutions in Europe and the USA, focusing mainly on double extortion tactics [2].  

Ransomware groups utilize DarkGate to create an initial foothold and to deploy various types of malware in corporate networks. These include, but are not limited to, info-stealers, ransomware, and remote management tools. The objective of these threat actors is to increase the number of infected devices and the volume of data exfiltrated from a victim. This approach is directly linked to increasing their financial gains following a successful ransomware operation.   
