Tag: DEFENSE EVASION
Short Summary:
CyberVolk is a politically motivated hacktivist group that has transitioned to using ransomware since June 2024. Initially operating under different names, the group has targeted Spanish institutions in …
The article provides an in-depth analysis of the NOOPLDR and NOOPDOOR malware tools, focusing on their capabilities, methods of operation, and persistence mechanisms. It details how these tools …
The article analyzes CyberVolk, a politically motivated hacktivist group that transitioned to using ransomware since June 2024. Initially a hacktivist organization, CyberVolk has launched ransomware attacks as a …
The “Vilsa Stealer” is a newly identified malware discovered on GitHub, known for its efficiency in extracting sensitive data from various applications. It targets browser credentials, crypto wallets, …
ESET researchers have identified a new China-aligned threat actor named CeranaKeeper, which has been targeting governmental institutions in Thailand since 2023. This group utilizes advanced techniques and tools, …
Vulnerabilities in the Common Unix Printing System (CUPS) allow remote attackers to exploit the “cups-browsed” process, potentially executing arbitrary commands on affected systems. Four CVEs have been identified, …
Meow, a ransomware group that emerged in 2022, has gained attention for its unique operational model and rising victim count. It is often linked to Meow Leaks, which …
Key Group, also known as keygroup777, is a financially motivated ransomware group that primarily targets Russian users. They utilize various ransomware builders, including Chaos and Annabelle, and communicate …
Cyble Research and Intelligence Labs (CRIL) uncovered a sophisticated attack that utilizes legitimate tools like Visual Studio Code and GitHub. The attack begins with a disguised .LNK file …
Trend Micro’s MDR team successfully mitigated a more_eggs infection, which was initiated through a spear-phishing email that tricked a recruitment officer into downloading a malicious file disguised as …
In July 2024, a ReliaQuest customer in the manufacturing sector experienced a data exfiltration attack. The threat actor exploited a Fortinet firewall and used a brute-force attack on …
The Gorilla Botnet, a new botnet family, emerged in September 2024, launching over 300,000 DDoS attack commands across 113 countries, with China and the U.S. being the most …
Microsoft has reported a multi-staged attack by the threat actor Storm-0501, which compromised hybrid cloud environments leading to data exfiltration, credential theft, and ransomware deployment across various sectors in …
This article discusses the challenges of identifying attack vectors in human-operated ransomware attacks and highlights the potential of using Windows event logs to trace ransomware activities. It details …
In November 2023, a BlackCat ransomware intrusion was initiated by Nitrogen malware, which was disguised as Advanced IP Scanner. The attack involved deploying Sliver and Cobalt Strike beacons, …
In light of the escalating frequency and complexity of ransomware attacks, are security leaders confident in their organization’s defenses? According to Group-IB’s Hi-Tech Crime Trends 2023/2024 Report, ransomware will have …
This report by CYFIRMA investigates the infrastructure of the APT group “Transparent Tribe,” identifying command-and-control (C2) servers linked to the group. The investigation reveals the use of Mythic …
In March 2024, Elastic Security Labs uncovered a sophisticated Linux malware campaign targeting vulnerable servers. The attackers exploited an Apache2 web server to gain initial access and deployed …
In the first half of 2024, Darktrace Threat Research observed multiple cyber attack campaigns targeting vulnerabilities in internet-facing systems, particularly focusing on Fortinet’s FortiClient EMS. A critical SQL …
HTML smuggling techniques are increasingly being used in phishing attacks to deliver malicious content. This method involves encoding HTML pages in Base64 strings and using JavaScript to create …
The article discusses the discovery of a new strain of the RomCom malware family, named SnipBot, which exhibits advanced techniques for evasion and obfuscation. This malware allows attackers …
A new cryptojacking campaign has been discovered, targeting Docker Engine API and capable of lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes Docker …
Kryptina has transitioned from a free tool available on public forums to a significant player in enterprise attacks, particularly associated with the Mallox ransomware family. A leak in …
Check Point Research has uncovered a new attack vector where threat actors exploit Windows Internet Shortcut files (.url) to lure users into executing remote code. By utilizing the …
Medusa is a Ransomware-as-a-Service (RaaS) targeting Windows environments, active since June 2021. It gained attention in early 2023 with the launch of its Dedicated Leak Site. Medusa spreads …
UNC1860 is an Iranian state-sponsored threat actor associated with espionage and cyber operations, particularly targeting government and telecommunications sectors in the Middle East. The group employs specialized tools …
The article discusses a ransomware attack observed by Huntress analysts, detailing the steps taken by the threat actor to compromise an endpoint. The attack involved enabling RDP, executing …
The article discusses the challenges organizations face in cybersecurity due to fragmented detection tools and the need for comprehensive threat visibility. It highlights how Recorded Future’s Threat Intelligence …
The SonicWall Capture Labs threat research team has identified a critical zero-click vulnerability, CVE-2024-20017, affecting MediaTek Wi-Fi chipsets. This vulnerability allows remote code execution without user interaction and …
CISA has added critical vulnerabilities affecting Microsoft Windows MSHTML Platform (CVE-2024-43461) and Progress WhatsUp Gold (CVE-2024-6670) to its Known Exploited Vulnerabilities catalog. Users are urged to update affected …
Aqua Nautilus researchers have discovered a new Linux malware named Hadooken, which targets Weblogic servers and deploys a cryptominer and Tsunami malware. The attack exploits weak passwords to gain …
The recently patched SonicWall vulnerability, CVE-2024-40766, affects the SSLVPN feature and management access of SonicWall firewalls. Active exploitation by the Akira ransomware group has been reported, prompting urgent …
The report from Cyfirma provides an in-depth analysis of the Gomorrah Stealer, a sophisticated information-stealing malware operating within a malware-as-a-service (MaaS) framework. It targets sensitive data from various …
Aqua Nautilus researchers have identified a new Linux malware named Hadooken, targeting Weblogic servers. The malware exploits weak passwords to gain initial access, drops Tsunami malware, and deploys …
Medusa is a ransomware group that emerged in 2023, known for its unique presence on both the surface and dark web. By 2024, they have intensified their cyberattacks, …
In August 2024, the ransomware group “Inc Ransom” targeted a ReliaQuest customer in the healthcare sector with a double-extortion attack that involved data exfiltration without encryption. The attack utilized …
Kimsuky, a North Korean hacking group active since 2018, focuses on espionage and financially motivated cybercrime. They target various technologies and countries, employing sophisticated tactics and exploiting vulnerabilities …
ESET researchers have analyzed the activities of the CosmicBeetle threat actor, focusing on its newly developed ScRansom ransomware and its connections to other ransomware groups, including LockBit and RansomHub. …