APT41’s operations against U.S. state governments leveraged multiple, overlapping campaigns: initial access via a USAHerds web app vulnerability (CVE-2021-44207), followed by Log4Shell (CVE-2021-44228) JNDI lookup injection to deploy backdoors, including KEYPLUG.LINU…
Tag: ZERO-DAY
Check Point Research analyzes TrickBot’s modular architecture and anti-analysis techniques, highlighting how TrickBot targeted customers of 60 high-profile financial and tech companies using web-injects and credential theft. The article describes key modules l…
Volexity uncovered a zero-day cross-site scripting (XSS) vulnerability in Zimbra (CVE-2022-24682) that TEMP_Heretic targeted through spear-phishing campaigns to access and exfiltrate mail data. The attackers could load JavaScript in the victim’s Zimbra webmail…
Morphisec identifies a new AsyncRAT delivery campaign that uses an HTML attachment to deliver a base64-encoded ISO file, constructed in-browser and mounted to execute staged loaders. The multi-stage chain includes HTML/JavaScript decoding, reflective .NET inje…
Earth Karkaddan (APT36) is analyzed through its use of CrimsonRAT and ObliqueRAT on Windows and CapraRAT on Android, detailing infection chains based on spear-phishing, USB worms, and malicious macros. The piece also covers C2 communications, persistence mechanism…
INKY uncovered a large phishing campaign impersonating the U.S. Department of Labor, using spoofed senders and look-alike domains to target Google Workspace and Microsoft 365 users with fake bid invitations for nonexistent federal projects. Victims were led to…