The article analyzes the March 2023 NullMixer malware operation, highlighting how opportunistic attackers used malvertising and cracked software to infect thousands of endpoints across Europe, including Italy and France. It also details a MaaS/PPI ecosystem de…
Tag: IOT
Earth Preta has updated its TTPs across campaigns to bypass security solutions, introducing new tools like TONEINS, TONESHELL, PUBLOAD, and NUPAKAGE. The campaign relies on decoy documents, Google Drive links, and password-protected archives to evade detection…
Cyber espionage threat actors continue to target technologies that do not support endpoint detection and response (EDR) solutions such as firewalls, IoT devices, hypervisors and VPN technologies (e.g. Fortinet, SonicWall, Pulse Secure, and others). Mandiant has investigated dozens of intrusions at defense industrial base (DIB), government, technology, and telecommunications organizations over…
Lazarus’ FudModule subverts kernel protections by leveraging a vulnerable Dell driver to elevate to ring 0 and tamper with telemetry data streams to hide its activities. The article also outlines practical, detection-focused strategies such as monitoring ETW d…
MQsTTang is a new Mustang Panda backdoor that uses MQTT for C2 and operates as a single-stage, minimally obfuscated tool. The campaign targets government and diplomatic entities, employs spearphishing distribution with decoy filenames, and includes anti-analys…
Publicly released PoC for CVE-2022-39952 in FortiNAC enables threat actors to perform arbitrary file writes and potentially deploy web shells on vulnerable systems. The article highlights exposed FortiNAC instances, affected versions, and urges timely patching…
Mirai variant V3G4 emerged in 2022, leveraging numerous vulnerabilities to propagate across Linux-based IoT devices and convert them into a botnet capable of DDoS and other attacks. It uses hardcoded C2 domains, XOR-based decryption, string encryption, and a s…
Threat actors distribute Pybot DDoS disguised as a Discord Nitro generator bundled with illegal cracks and keygens. The campaign uses a DRPU Setup Creator installer to drop a downloader that persists at startup, fetches the Pybot payload, and launches a Python…
The advisory outlines ongoing DPRK state-sponsored ransomware activity targeting Healthcare and Public Health Sector organizations and other critical infrastructure, detailing TTPs, IOCs, and cryptocurrency ransom payments. It also describes how actors acquire…
A Mirai-driven botnet variant is dropping Medusa, a Python-based botnet, onto Linux targets to perform DDoS, ransomware, brute-force attacks, and data exfiltration. The article details the Medusa botnet’s client, C2 communications, attack methods, and the IOCs…
Realtek CVE-2021-35394 exploitation surged in 2022, with tens of millions of attempts targeting the Realtek Jungle SDK remote code execution vulnerability and a significant shift to delivering IoT malware. The campaign affected hundreds of device models across…
Microsoft Defender for IoT researchers track Zerobot, a Go-based IoT botnet evolving with new exploits and DDoS capabilities, spreading via IoT and web-vulnerability abuse and deployed as a service. Zerobot 1.1 expands attack methods, adds CVE-based exploits, …
After nearly a year of being disrupted by Google, the Glupteba malware botnet has again become active, infecting devices worldwide. Google’s efforts had seriously disrupted the blockchain-enabled botnet in December 2021 by securing court orders for control of its infrastructure…
Threat actors are increasingly using blockchain to hide and distribute malicious data and C2 instructions. Nozomi Networks researchers track Glupteba activity on the Bitcoin blockchain, showing how OP_RETURN data, XOR encryption, and Tor-based C2 are used, wit…
MCCrash is a cross‑platform DDoS botnet tracked by Microsoft Threat Intelligence that targets Windows, Linux, and IoT devices to attack private Minecraft servers. It propagates via SSH credential brute‑forcing, downloads multi‑stage components, and issues Mine…