North Korean APT group focuses on file reconnaissance and information exfiltration with latest variant of RandomQuery malware.
DUCKTAIL is a .NET-based infostealer from Vietnam that targets Social Media Business/Ads accounts to harvest cookies and hijack sessions for ad fraud. It concentrates on HR and Marketing professionals, uses social engineering and ZIP-delivery via file-sharing …
A Data-Driven Approach based on Analysis of Network Telemetry
This blog post seeks to draw out some high-level trends and anomalies based…
A critical RCE vulnerability in Ruckus Wireless Admin (CVE-2023-25717) is being actively exploited, with AndoryuBot deployed to weaponize the flaw for large-scale DDoS campaigns. Cyble CGSI and Fortinet report widespread exposure of Ruckus Admin panels and a g…
A campaign distributes malware via fake Steam Desktop Authenticator (SDA) clone sites using site cloning and typosquatting. The fake SDA ZIP ultimately delivers DarkCrystal RAT (DCRAT) after a staged bypass of Defender, with infrastructure built around several spoofed domains.
#DarkCrystalRAT #SDA #DCRAT #SiteCloning #Typosquatting
Brute Ratel remains rare and targeted, with limited real-world use and far fewer detections than Cobalt Strike. Sophos notes that cracked versions and targeted deployments have kept it from becoming the widespread threat feared, while defenders continue to mon…
A malvertising campaign redirects Windows users to a convincing fake system update, delivering a loader that bypasses many AVs and sandboxes to drop Aurora Stealer. The operation uses an “Invalid Printer” loader, patches it to defeat sandbox checks, and exfiltr…
BPFdoor is a Linux-focused stealth backdoor designed for long-term persistence, associated with the Red Menshen (Red Dev 18) threat actor. A new 2023 variant removes many hardcoded indicators, adds static library encryption via libtomcrypt, and uses a Berkeley…
Dragos faced a failed extortion attempt after a cybercriminal group compromised a new sales employee’s personal email to access internal resources, but Dragos systems and controls remained uncompromised. The company blocked the account, engaged CrowdStrike and…
Bitdefender uncovered DownEx, a newly identified espionage malware family targeting Central Asia (Kazakhstan and Afghanistan) with a data-exfiltration focus and a multi-stage attack chain. The operation combines spear-phishing, a disguised Word document launch…
FortiGuard Labs documents RapperBot expanding from a DDoS botnet into cryptojacking on Intel x64 machines by merging the bot with an XMRig miner. The campaign updates include a revamped C2 protocol, multi-layer encoding to evade detection, and SSH-key persiste…
SideWinder has been observed employing server-side polymorphism to deliver campaigns against Pakistan government officials, and the operation is now targeting Turkey. Campaigns rely on dynamically generated payloads delivered via malicious RTF attachments and …
Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data – Krebs on Security
A Georgia-based online operation promised USPS jobs and exposed a backend database with nearly 900,000 customers. Investigators traced the scheme to US Job Services and Next Level Support, with ties to a Pakistan-based developer and a Tennessee telemarketing f…
Two-stage DLL sideloading campaigns build on classic sideloading by introducing a second clean application that auto-executes a malicious loader, which then runs the final payload. The operation, linked to Dragon Breath/Golden Eye Dog, targets online-gambling …
Cyble Research and Intelligence Labs (CRIL) uncovered a KEKW malware variant spreading via malicious PyPI wheel packages, combining stealer and clipper capabilities to harvest browser data and hijack cryptocurrency transactions. Python security teams quickly r…