Cleafy Labs identified a TeaBot campaign that used a malicious dropper app on the Google Play Store to dynamically download a dex file and a secondary APK, performing multiple checks and evasion steps before installing the banking trojan. The final TeaBot payl…
Tag: THREAT INTELLIGENCE
On January 10, 2024, Ivanti disclosed that their Connect Secure VPN devices were breached through two zero-day vulnerabilities. Organizations using these devices are rapidly working to patch and safeguard their networks from potential compromise. The situation…
Hunters International emerged in late 2023 as a RaaS operation with technical lineage and tactics resembling Hive, continuing cyber extortion trends despite Hive’s takedown. The group claims independence, focuses on data theft over encryption, and shows ties t…
Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest cybersecurity attack vectors and threats is an essential part of securing the enterprise against breaches and compromised data. https://www.proofpoint.com/us/thre…
Insikt Group has observed TAG-70 leveraging cross-site scripting (XSS) vulnerabilities against Roundcube webmail servers in Europe, targeting government, military, and national infrastructure.
The Sandman APT group has drawn major attention for targeting telecommunications providers in Europe, the Middle East, and South Asia, employing LuaDream, a LuaJIT-based modular backdoor, to achieve stealthy espionage with minimal footprints. Research ties San…
Discover key insights from Insikt Group’s analysis on ransomware exploitation patterns and targets from 2017–2023.
If you have anything to do with cyber security, you know it employs its own unique and ever-evolving language. Jargon and acronyms are the enemies of clear writing—and are beloved by cyber security experts. So Morphisec has created a comprehensive cyber security glossary that explains commonly…
SentinelLabs observed ScarCruft targeting North Korea-focused media and experts, with malware found in planning and testing phases for future campaigns. The group is experimenting with new infection chains that use decoy threat reports to attract threat-intell…
Executive Summary Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. Medusa threat actors use this site to disclo…
Unit 42’s timely threat intelligence roundup for Oct–Dec 2023 surveys malware campaigns, infection chains, and IoCs shared via social channels. It highlights recurring families—DarkGate, Pikabot, IcedID, AsyncRAT, and JinxLoader—and TA577 activity, with practi…
Microsoft Threat Intelligence warns that financially motivated actors are abusing the ms-appinstaller protocol to distribute malware via signed MSIX packages and malicious landing pages, tying multiple groups like Storm-0569, Storm-1113, Sangria Tempest, and S…
2023’s payment fraud trends predict a persistent underground market and evolving sophisticated cyber-fraud threats in 2024.
Infoblox’s DNS Early Detection Program swiftly identifies potentially harmful domains, notably recognizing the KandyKorn malware campaign from the Lazarus Group. The program highlights the critical need for rapid response against such threats, providing timely…
Threat intelligence from X-Force details ITG05’s use of the Israel-Hamas conflict as lure material to deliver the Headlace backdoor across at least 13 countries, leveraging official documents and decoys. The malware chain comprises a dropper, a VBScript launch…