Kiss-a-Dog, a cryptojacking campaign, has evolved to broaden its reach from Docker/Kubernetes to Redis-based targets, introducing a 20-year-old open-source process hider and other payloads like Tsunami and XMRig. The variant uses Redis for initial access, down…
Tag: INITIAL ACCESS
Two waves of ransomware and wiper attacks targeted Albanian government and law-enforcement systems, with later samples signed using stolen digital certificates from Nvidia and Kuwait Telecommunications Company. The campaigns show cross-language cooperation, po…
The article explains how Windows AMSI can be bypassed and how security teams can detect such abuse using Trend Micro Vision One and related products. It also outlines common bypass techniques, real-attack examples, and practical indicators for defenders. #AMSI…
ESET researchers exposed Operation LiberalFace, a MirrorFace spearphishing campaign aimed at Japanese political entities around the 2022 House of Councillors election. The operation leveraged the LODEINFO backdoor, introduced a new credential stealer MirrorSte…
Cloud Atlas (Inception) is a long-running cyber-espionage group whose focus has narrowed to Russia, Belarus, and contested regions in Ukraine and Moldova since 2021–2022, including Crimea and Donetsk/Luhansk. In the past year they staged targeted intrusions us…
The Royal ransomware group emerged in early 2022 and has grown globally, deploying through multiple TTPs and affecting organizations worldwide. It uses a unique partial encryption approach with a flexible percentage, operates in a multi-threaded manner, and sh…
Cloud Atlas is a long-running threat group focused on government targets across Russia, Belarus, Azerbaijan, Turkey, and Slovenia, employing phishing with malicious templates to deliver multi-stage payloads. Their operations include remote Office templates, me…
Trend Micro intercepted a Linux cryptomining campaign that now incorporates the CHAOS Remote Administrative Tool (CHAOSRAT) to enhance control over infected hosts. The operation persists via cron-based mechanisms, downloads XMRig and the RAT from distributed s…
MuddyWater (aka Static Kitten, Mercury) is an Iran MOIS-linked cyber espionage group that has expanded its targeting with campaigns using spearphishing and legitimate remote administration tools. The latest campaign uses HTML attachments and hosted archives to…
Threat actors are exploiting FIFA World Cup buzz to run a range of scams, including crypto phishing with fake NFT drops, fake FIFA-themed domains, WhatsApp-led scams, and broad malware campaigns. Cyble Research & Intelligence Labs (CRIL) documents multiple lur…
Since August 2022, Truebot (Silence.Downloader) infections have surged, with two botnets observed: a globally distributed one (notably targeting Mexico, Brazil, and Pakistan) and a newer US-focused botnet impacting Windows servers and several education-sector …
Cloud compute credential attacks target misconfigured cloud compute services to steal credentials and access cloud infrastructure, causing costly resource usage and remediation work. The article presents two real-world cases—one in AWS Lambda and one in Googl…
The Cuba Ransomware group Tropical Scorpius is analyzed in relation to its Cuba variant, including attack simulations added by Picus Threat Library. The report maps out a wide set of TTPs from initial access to impact, and notes connections to the Industrial S…
Deathstalker has deployed a new Janicab variant targeting legal entities in the Middle East and Europe, leveraging YouTube-based dead-drop resolvers (DDRs) and a multi-stage VBScript loader to deliver Janicab. The operation shows expanded targets (including tr…
ESET researchers uncovered a new wiper called Fantasy and its execution tool Sandals, attributed to the Agrius APT, deployed through a supply-chain compromise against an Israeli software developer. The operation targeted Israeli HR/IT firms, diamond-industry s…