Mandiant ties a campaign that uses SEO poisoning to distribute BATLOADER and ATERA Agent to techniques disclosed after a CONTI ransomware affiliate leak in August 2021. The report also provides extensive indicators, a YARA rule, and a MITRE ATT&CK mapping span…
Tag: DEFENSE EVASION
Qbot (QakBot) campaigns spread rapidly by delivering a malicious Excel macro that loads a QBot DLL, then injects into msra.exe to harvest browser data and Outlook emails. The operation escalates privileges, moves laterally across all workstations, and uses mul…
BlackBerry researchers link the Prophet Spider Initial Access Broker (IAB) group to exploiting the Log4j (Log4Shell) vulnerabilities in VMware Horizon to break into organizations. The article outlines IoCs, observed post-exploitation payloads (cryptomining, Co…
ESET analyzes a watering-hole campaign that delivers a new macOS backdoor named DazzleSpy via a WebKit/Safari exploit chain. Targets were Hong Kong pro-democracy individuals, with infection hosted on amnestyhk.org and other compromised sites like fightforhk.co…
Threat actors deliver multiple malware via malicious PowerPoint Add-Ins and a multi-stage chain that uses cloud services to host payloads. The operation blends phishing, LoLBins, VBS, and PowerShell to drop AgentTesla and a cryptocurrency stealer, with stages …
BRATA continues to evolve with new targets and features, including factory reset, GPS tracking, multi-channel C2 (HTTP and WebSocket), and ongoing monitoring via VNC and keylogging to facilitate unauthorized wire transfers. The report details BRATA variants A,…
Donot Team (also known as APT-C-35 and SectorE02) is a long-running South Asia-focused threat actor linked to Windows and Android malware, with Amnesty International alleging links to an Indian cybersecurity company that may sell spyware or hackers-for-hire se…
By Sriram P & Lakshya Mathur Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as…
The post HANCITOR DOC drops via CLIPBOARD appeared first on McAfee Blog….
Phishing is increasingly a preliminary step in multi-stage ransomware campaigns: attackers use phishing to gain initial access, then deploy loaders/RATs to perform reconnaissance, lateral movement, persistence and finally deliver ransomware. Detecting and bloc…
Cuba Ransomware Overview Over the past year, we have seen ransomware attackers change the way they have responded to organizations…
The post McAfee Defender’s Blog: Cuba Ransomware Campaign appeared first on McAfee Blog….
In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed…
The post Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies appeared first on McAfee Blog….