Summary:
The Howling Scorpius ransomware group, known for its Akira ransomware-as-a-service, has emerged as a significant threat since early 2023. Utilizing a double extortion strategy, they target small to medium-sized businesses across various sectors globally, particularly in North America, Europe, and Australia. Their ongoing enhancements to ransomware tools and techniques pose increasing risks to organizations.…
Category: Threat Research
Summary:
The article discusses the emergence of two new malware families, RevC2 and Venom Loader, associated with the threat actor Venom Spider, known for its Malware-as-a-Service (MaaS) offerings. These malware families were identified during campaigns from August to October 2024, utilizing various techniques for data exfiltration and remote code execution.…
Summary:
In September 2024, FortiGuard Labs reported an attack involving SmokeLoader malware targeting various sectors in Taiwan. SmokeLoader’s advanced evasion techniques and modular design allow it to execute a range of attacks, primarily serving as a downloader for other malware. The attack utilized phishing emails and exploited vulnerabilities in Microsoft Office to deliver the malicious payload.…
Summary:
The CERT-AGID has reported a recent malware campaign that initially failed due to a missing activation string in the malicious email attachments. After revising their strategy, the attackers successfully deployed AgentTesla, a well-known infostealer, utilizing advanced encryption techniques to evade detection. The campaign highlights the challenges in malware deployment and the importance of proper integration of tools.…
Summary:
Recent months have witnessed a significant increase in malicious email campaigns utilizing lookalike attachments, particularly ZIP files containing JScript scripts. These scripts, often disguised as legitimate requests for proposals, have targeted numerous users and businesses, primarily in Russia. The campaign, dubbed Horns&Hooves, has evolved over time, employing various methods to deliver the NetSupport RAT, a tool commonly exploited by cybercriminals.…
Summary:
This report highlights the ongoing phishing attacks attributed to the Kimsuky group, which have evolved to evade detection by utilizing various domains and tactics. The attackers have shifted their operations from Japan to Russia, employing malware-less strategies that exploit familiar financial themes to deceive victims.…
Summary:
APT-C-48, a government-backed APT organization from South Asia, targets various sectors including government, military, education, and healthcare. Recent phishing attacks using resume-themed emails have been detected, where malicious executables are disguised as PDF files to trick users into opening them. The attackers employ tactics to evade detection and maintain persistence on infected systems.…
Summary:
This article discusses a new technique employed by stealers to coerce victims into entering their credentials in a browser, which are then stolen using traditional malware. The method involves launching the browser in kiosk mode, primarily targeting Google login pages. This tactic has been linked to the Amadey malware and StealC.…
Summary:
New vulnerabilities affecting Zyxel firewalls and Advantech wireless access points pose significant risks to organizations. The critical CVE-2024-11667 vulnerability in Zyxel devices has been linked to ransomware attacks, while Advantech devices face multiple high-risk vulnerabilities. Immediate action is required to patch these vulnerabilities and secure networks against potential exploitation.…
Summary:
Silent Push has been investigating the FUNULL content delivery network for two years, uncovering a vast malicious domain cluster linked to various cybercriminal activities. Their findings reveal over 200,000 hostnames generated by a domain generation algorithm, with numerous suspicious indicators and artifacts identified. The research highlights the importance of monitoring such networks for threat detection and response.…
Summary:
The Ransomware Roundup report by FortiGuard Labs highlights the emergence of the Interlock ransomware, which targets Microsoft Windows and FreeBSD systems. This variant encrypts files and demands ransom for decryption, posing a high severity threat. The report discusses its infection vector, attack methods, and the sectors affected, while also providing insights into Fortinet’s protective measures against such threats.…
Summary:
The article discusses how threat actors utilize identifiers to manage and track botnets, particularly in the context of Malware-as-a-Service (MaaS). Different malware families employ various types of identifiers, such as plain strings or hexadecimal strings, to differentiate between botnets. The Vidar stealer, for instance, uses unique build IDs that complicate research efforts.…
Summary:
The Perfctl malware campaign poses a significant threat to Linux servers globally, utilizing advanced evasion techniques to mine cryptocurrency and perform proxyjacking. Its stealthy operations have primarily targeted high-demand sectors such as cryptocurrency and software development, particularly in the United States, Germany, and South Korea.…
Summary:
JPCERT/CC has identified a cyber attack attributed to the APT-C-60 group targeting domestic organizations, utilizing malware disguised as job application emails. The analysis of the downloader and backdoor reveals a sophisticated infection method based on malicious Google Drive links. The campaign shares similarities with other malware incidents in East Asia.…
Summary:
This article explores the sophisticated phishing techniques employed by the Rockstar kit, particularly focusing on the abuse of legitimate services for crafting undetectable links. It highlights various platforms exploited for phishing, including Microsoft and Atlassian services, and discusses the use of QR codes and HTML obfuscation to evade detection.…