Short Summary:
ESET researchers have uncovered a series of cyberespionage attacks attributed to the APT group GoldenJackal, targeting governmental organizations in Europe. The group has utilized sophisticated tools to compromise …
Short Summary:
The article discusses a resurgence of malvertising campaigns targeting utility software, particularly focusing on the Mac version of Slack. Threat actors are creating deceptive ads that impersonate legitimate …
The article discusses a new campaign by the APT group Awaken Likho, targeting Russian government agencies and industrial enterprises. The group has shifted its tactics, now utilizing the …
Short Summary:
The article provides a detailed analysis of PhantomLoader, a malware loader that disguises itself as a legitimate DLL for antivirus software. It is used to deliver a Rust-based …
Summary: A spear-phishing email campaign targeting recruiters has been identified, utilizing a JavaScript backdoor known as More_eggs to compromise systems under the pretense of fake job applications. The campaign is …
Summary: A new ‘FakeUpdate’ campaign in France exploits compromised websites to deliver fake browser and application updates, distributing the WarmCookie backdoor. This cyberattack strategy, employed by the threat group ‘SocGholish’, …
This article discusses four recently identified DNS tunneling campaigns, highlighting the techniques used by threat actors to bypass network security and establish covert communication channels. The campaigns were …
Short Summary:
The article provides an in-depth analysis of the NOOPLDR and NOOPDOOR malware tools, focusing on their capabilities, methods of operation, and persistence mechanisms. It details how these tools …
Summary: Recent research has revealed that a set of four vulnerabilities in the Common Unix Printing System (CUPS) not only allows for remote code execution but also enables attackers to …
Silent Push research reveals that the FIN7 threat group is employing new tactics, including the use of an AI “DeepNude Generator” across multiple websites to distribute malware. The …
This article discusses a sophisticated phishing campaign that utilizes HTML smuggling techniques to deliver malicious payloads. The campaign involves multiple stages of obfuscation and deception, including the use …
Summary: A recent Microsoft alert has revealed that the threat actor Vanilla Tempest is using a new ransomware strain, INC, to target the US healthcare sector, highlighting the ongoing cyber …
Summary: Attackers are exploiting a critical remote code execution vulnerability (CVE-2024-45519) in Zimbra’s SMTP server, prompting urgent patching by affected organizations. The vulnerability allows unauthenticated remote attackers to execute arbitrary …
Summary: Cyble Research and Intelligence Lab (CRIL) has identified a sophisticated cyber campaign that utilizes a suspicious .LNK file and Visual Studio Code (VSCode) to gain persistence and remote access …
Short Summary:
The article details various email payloads used in phishing attempts, specifically focusing on different types of attachments and the malware associated with them. The payloads target multiple users …
Researchers at Palo Alto Networks discovered a tool named Swiss Army Suite (S.A.S) used by attackers for automated vulnerability scanning, particularly targeting SQL injection vulnerabilities. This tool operates …
Summary: Recent analyses reveal that the Patchwork APT group has initiated a sophisticated cyber campaign utilizing a new backdoor called “Nexe” to target Chinese entities, employing advanced evasion tactics. This …
Short Summary:
Trend Micro’s MDR team successfully mitigated a more_eggs infection, which was initiated through a spear-phishing email that tricked a recruitment officer into downloading a malicious file disguised as …
Short Summary:
In July 2024, a ReliaQuest customer in the manufacturing sector experienced a data exfiltration attack. The threat actor exploited a Fortinet firewall and used a brute-force attack on …
XWorm is a newly discovered versatile malware tool that allows attackers to access sensitive information, gain remote access, and deploy additional malware. Its multifaceted nature has led to …
Short Summary:
This report discusses a series of cyberattacks attributed to the 8220 Gang, targeting Oracle WebLogic servers through the exploitation of critical vulnerabilities. The attackers deployed various malware, including …
Summary: DCRat, a modular remote access Trojan (RAT) offered as malware-as-a-service, has been delivered through innovative techniques such as HTML smuggling, targeting Russian-speaking users. This blog analyzes the methods used …
Short Summary:
In November 2023, a BlackCat ransomware intrusion was initiated by Nitrogen malware, which was disguised as Advanced IP Scanner. The attack involved deploying Sliver and Cobalt Strike beacons, …
In light of the escalating frequency and complexity of ransomware attacks, are security leaders confident in their organization’s defenses? According to Group-IB’s Hi-Tech Crime Trends 2023/2024 Report, ransomware will have …
Summary: The content discusses the malware Trammy.dll, which downloads and extracts files to establish persistence on infected systems while disguising its activities. It highlights the use of a password-protected ZIP …
Summary: A phishing campaign targeting transportation and logistics companies in North America has been identified, utilizing compromised email accounts to deliver various malware strains, including information stealers and remote access …
Short Summary:
This report by CYFIRMA investigates the infrastructure of the APT group “Transparent Tribe,” identifying command-and-control (C2) servers linked to the group. The investigation reveals the use of Mythic …
Short Summary:
ESET Research has conducted an in-depth analysis of Gamaredon, a Russia-aligned APT group engaged in cyberespionage activities primarily targeting Ukraine. The study highlights Gamaredon’s tactics, techniques, and tools, …
In March 2024, Elastic Security Labs uncovered a sophisticated Linux malware campaign targeting vulnerable servers. The attackers exploited an Apache2 web server to gain initial access and deployed …
Short Summary:
DCRat, a modular remote access Trojan (RAT) offered as malware-as-a-service, has been active since 2018. It is delivered through various means, including HTML smuggling, which allows it to …
Summary: The Kryptina ransomware has transitioned from a free tool to a significant player in enterprise attacks, particularly through its integration with the Mallox ransomware family. This evolution highlights the …
Short Summary:
In the first half of 2024, Darktrace Threat Research observed multiple cyber attack campaigns targeting vulnerabilities in internet-facing systems, particularly focusing on Fortinet’s FortiClient EMS. A critical SQL …
Summary: A new cryptojacking campaign has been discovered that targets Docker Engine API, enabling lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes compromised Docker hosts …
The Patchwork APT group has launched a sophisticated campaign targeting Chinese entities and Bhutan, utilizing a malicious LNK file to initiate infections. The campaign employs DLL sideloading techniques …
Summary: A critical vulnerability (CVE-2024-7120) in RAISECOM Gateway devices allows remote attackers to execute arbitrary commands, posing a severe threat to enterprise security. Exploitation of this flaw has been actively …
Cloudforce One has investigated an advanced threat actor known as SloppyLemming, who employs multiple cloud service providers for credential harvesting, malware delivery, and command and control operations. This …
DLL Hijacking is a technique that exploits legitimate applications to execute malicious code. This write-up provides an overview of DLL Hijacking, its purpose, and the various documented instances …
Short Summary:
HTML smuggling techniques are increasingly being used in phishing attacks to deliver malicious content. This method involves encoding HTML pages in Base64 strings and using JavaScript to create …
Short Summary:
The article investigates the Sniper Dz phishing-as-a-service (PhaaS) platform, which has gained popularity among phishers targeting social media and online services. Over the past year, more than 140,000 …
The article discusses the discovery of a new strain of the RomCom malware family, named SnipBot, which exhibits advanced techniques for evasion and obfuscation. This malware allows attackers …
Short Summary:
A new cryptojacking campaign has been discovered, targeting Docker Engine API and capable of lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes Docker …
Short Summary:
The article discusses the emergence of the Necro Trojan, which has infected various popular applications, including modified versions and those available on Google Play. The Trojan employs advanced …
Kryptina has transitioned from a free tool available on public forums to a significant player in enterprise attacks, particularly associated with the Mallox ransomware family. A leak in …
Short Summary:
The article discusses the detection and response to the Poseidon Stealer malware by eSentire’s Threat Response Unit (TRU). This malware targets macOS devices and employs deceptive techniques to …