Group-IB Threat Intelligence details a MuddyWater espionage campaign targeting international organizations worldwide, using compromised mailboxes accessed via NordVPN to dispatch phishing emails that deliver malicious Word documents. The operation deploys Phoe……
Tag: EDR
China-linked APT24 hackers have been using the sophisticated and previously undocumented BadAudio malware in a three-year espionage campaign targeting Windows systems. Their methods evolved over time, including spearphishing, supply-chain compromises, and website injections to evade detection and conduct targeted espionage activities. #APT24 #BadAudio #CobaltStrike
Automated threat intelligence enables machine-speed detection, enrichment, and response to indicators of compromise, reducing mean time to detect and respond while freeing analysts from repetitive tasks. Recorded Future’s Intelligence Cloud delivers this capability through continuous data collection, ML-driven risk scoring, and integrations with SIEM, SOAR, and EDR to enable real-time defensive actions. #RecordedFuture #InsiktGroup
Netskope Threat Labs validated that GPT-3.5-Turbo and GPT-4 can be coerced into generating malicious Python code, demonstrating the architectural feasibility of LLM-powered malware while also showing generated code often fails operational reliability tests. Preliminary GPT-5 tests show improved code effectiveness but stronger guardrails, highlighting a trade-off between capability and safety. #GPT3_5_Turbo #GPT4 #GPT5
Acronis TRU tracked a global malvertising and SEO-driven campaign named “TamperedChef” that distributes digitally signed fake installers which persist via scheduled tasks and execute heavily obfuscated JavaScript backdoors with remote code execution and HTTPS-based C2. The operators use U.S.-registered shell companies to acquire and rotate code-signing certificates, short-lived domain registrations, and malvertising/SEO to hide infrastructure and quickly recover after takedowns. #TamperedChef #Obfuscator_io
Recent cybersecurity incidents reveal a rise in international espionage, targeted hacking campaigns, and vulnerabilities in widely used systems and devices. These stories highlight the ongoing efforts of governments, cybercriminals, and security researchers to adapt and respond to new online threats. #LinkedInEspionage #OracleVulnerability…
K7 Labs analyzed a Python-based multi-stage obfuscated malware that unpacks a large filler blob to reveal a small marshalled .pyc which performs process injection into cvtres.exe and loads a downloaded .NET component for persistent C2. The infection uses disguised archives and bundled Python runtime (ntoskrnl.exe) to reconstruct and execute payloads from cloud-hosted files and maintain an encrypted RAT-like channel. #cvtres.exe #ntoskrnl.exe
The European Commission proposes to loosen data protection and AI regulations in the EU under the Digital Omnibus, aiming to boost innovation and reduce red tape. Critics argue that these changes will reduce privacy protections and favor big tech at the expense of smaller companies and consumers. #GDPR #AIAct #EuropeanUnion #DataPrivacyProtection…
Mate, an AI-driven SOC startup, has secured $15.5 million in seed funding to enhance its intelligent incident response platform. Its solution leverages AI agents and LLMs to automatically investigate, resolve, and escalate security incidents, reducing response times and false positives. #Mate #AIincidentresponse…
The article details a sophisticated cyberattack on a US real estate company using the Tuoni C2 framework, employing techniques such as social engineering, steganography, and in-memory execution. It highlights the growing use of AI-assisted loaders and modular frameworks by threat actors to evade detection and complicate defense efforts. #TuoniC2 #Steganography…
Microsoft introduces new Windows 11 recovery features, Cloud Rebuild and Point-in-Time Restore (PITR), to help reduce downtime and enhance system recovery. These features are part of the Windows Resiliency Initiative and will be integrated into Microsoft Intune by 2026. #Windows11 #Resiliency #CloudRebuild #PITR
Sarcoma is a fast-emerging ransomware group (late 2024) that combines data theft with encryption and aggressive double-extortion tactics, targeting mid-market and larger organizations—especially in manufacturing, technology and construction—primarily in the United States, Italy and Canada. The group operates a controlled RaaS-style model, targets Windows, Linux and ESXi environments, and uses techniques including credential theft, zero-day exploits, anti-recovery steps and public leak pressure. #Sarcoma #ChaCha20
The Tycoon 2FA phishing kit is a scalable, easy-to-use tool that bypasses multi-factor authentication, leading to full account compromise using real-time session hijacking. Enterprises must adopt biometric, phishing-proof identity solutions like FIDO2 hardware to combat evolving cyber threats. #Tycoon2FA #FIDO2
UNC1549 targeted aerospace, aviation, and defense sectors using spear-phishing and compromised third-party relationships to gain access, then deployed custom backdoors (TWOSTROKE, DEEPROOT, LIGHTRAIL, GHOSTLINE, POLLBLEND, MINIBIKE) and tunneling tools to maintain stealthy persistence and C2 using Azure and SSH reverse tunnels. The group used credential theft (DCSYNCER.SLICK, CRASHPAD, TRUSTTRAP), DLL search order hijacking, and long-lived stealth techniques to exfiltrate sensitive data and pivot through suppliers. #UNC1549 #TWOSTROKE
Researchers from Israel’s INDA have uncovered SpearSpecter, a sophisticated cyber-espionage campaign allegedly linked to Iranian threat actors working for IRGC-IO, targeting high-level government and defense officials. The operation employs social engineering, fileless malware, and cloud-based command-and-control channels to infiltrate its targets. #IRGCIO #SpearSpecter…