The Cybereason Global Security Operations Center (GSOC) Team issues Cybereason Threat Analysis Reports to inform on impacting threats. The Threat Analysis Reports investigate these threats and provide practical recommendations for …
Tag: ACTIVE DIRECTORY
Update History: Aug. 10th 2022, adding clarifying details on activity involving Active Directory; Aug. 10th 2022, update made…
Executive Summary: Beginning in early May 2022, Unit 42 observed a threat actor deploying Cuba Ransomware using novel tools and techniques. Using …
In this intrusion from April 2022, the threat actors used BumbleBee as the initial access vector.
BumbleBee is a malware loader that was first reported by Google Threat Analysis Group …
Taking its name from “Gwisin,” a Korean term for “ghost” or “spirit,” GwisinLocker is a new ransomware family that targets South Korean industrial and pharmaceutical companies. …
Executive Summary: Among the threat actors distributing Bumblebee is Projector Libra. Also known as EXOTIC LILY, Projector Libra is a criminal group …
Gootloader is a Malware-as-a-Service (MaaS) offering that is spread through Search Engine Optimization (SEO) poisoning to distribute malicious payloads, such as IcedID. Threat actors have begun using IcedID, a former …
By Securonix Threat Labs, Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov
Last Updated: July 20, 2022
Introduction: The Securonix Threat Research (STR) team has been observing and investigating a …
ReversingLabs recently discovered instances of the AstraLocker 2.0 malware distributed directly from Microsoft Word files used in phishing attacks.
Executive Summary: ReversingLabs recently discovered a new version of the …
Using a methodology first seen in 2020, an unknown threat actor has been exploiting a three-year-old bug in the Telerik UI web application framework to take control of web servers, …
Quantum Locker is a ransomware strain that was first discovered in July 2021. Since then, the ransomware has been observed in fast-moving ransomware attacks, in some cases even with a Time-to-Ransom …
INTRODUCTION:
Identified by Proofpoint as the threat actor behind the Contact Forms campaign, TA578 also appears to be pushing ISO files for Bumblebee malware through thread-hijacked emails. These thread-hijacked emails …
As Russia's invasion of Ukraine continues, new wiper malware has surfaced attacking Ukrainian infrastructure. CaddyWiper was first detected on March 14, 2022. It destroys user data and partition information on attached …
In this intrusion from December 2021, the threat actors used IcedID as the initial access vector. IcedID is a banking trojan that first appeared in 2017; it is usually delivered …
By James Haughom, Antonis Terefos, Jim Walter, Jeff Cavanaugh, Nick Fox, and Shai Tilias
Overview: In a recent IR engagement, our team happened upon a rather interesting packer (aka crypter …
Summary
Multifactor Authentication (MFA): A Cybersecurity Essential
• MFA is one of the most important cybersecurity practices to reduce the risk of intrusions. According to industry research, users who enable MFA are …
For additional information regarding deserialization exploits and our new hunting rule generation tool ‘HeySerial’, read our blog post, Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits.…
Soon after execution of the Qbot …
At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner, which has been integrated into Kaspersky products since …