Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Estimated reading time: 13 minutes
SEQRITE Labs APT-Team has discovered multiple campaigns of APT SideCopy, targeting Indian government and defense entities in the past few months. The threat group is now exploiting the recent WinRAR vulnerability CVE-2023-38831 (See our advisory for more details) to deploy AllaKore RAT, DRat and additional payloads.…
Researchers recently identified a fresh Gootloader malware variant known as “GootBot,” used in SEO poisoning attacks. This variant introduces features that enable threat actors to move laterally within infected systems, and make it challenging for organizations to detect or block.
Gootloader has predominantly served as an initial access provider, with certain infections leading to ransomware incidents.…
Published On : 2023-11-03
EXECUTIVE SUMMARYAt CYFIRMA, our mission is to equip you with the most cutting-edge insights into the evolving landscape of cybersecurity threats, both targeting organizations and individuals. Our research team identified a new RAT on GitHub, available for purchase. This in-depth report investigates the Millenium-RAT, particularly version 2.4; a Win32 executable built on .NET.…
Published On : 2023-11-03
Ransomware of the WeekCYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – which could be relevant to your organization.
Type: Ransomware.Target Technologies: MS Windows.…
Blister is a piece of malware that loads a payload embedded inside it. We provide an overview of payloads dropped by the Blister loader based on 137 unpacked samples from the past one and a half years and take a look at recent activity of Blister.…
Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. What’s remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendor’s systems continued to use the flawed software, allowing the threat actor to exploit them.…
Caution is advised as an Infostealer that prompts the execution of legitimate EXE files is actively being distributed.
The threat actor is distributing a legitimate EXE file with a valid signature and a malicious DLL compressed in the same directory. The EXE file itself is legitimate, but when executed in the same directory as the malicious DLL, it automatically runs that malicious DLL.…
This post is also available in: 日本語 (Japanese)
Executive SummaryWhile tracking the evolution of Pensive Ursa (aka Turla, Uroburos), Unit 42 researchers came across a new, upgraded variant of Kazuar. Not only is Kazuar another name for the enormous and dangerous cassowary bird, Kazuar is an advanced and stealthy .NET…
ESET Research
ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible
Matthieu Faou
25 Oct 2023 • , 5 min. read
ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS vulnerability in the Roundcube Webmail server on October 11th, 2023.…
In our previous blogpost on Triangulation, we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this operation was quite stealthy.…
Летом 2023 года в ходе исследования инцидента в одной из российских организаций мы обнаружили ряд вредоносных программ, нацеленных на кражу данных. Аналогичные программы, по данным Kaspersky Threat Intelligence, были найдены еще в нескольких государственных и индустриальных организациях РФ, поэтому мы можем предположить, что кража данных из организаций, работающих в данных секторах, была основной целью злоумышленников.…
Published On : 2023-10-20
Executive SummaryAt Cyfirma, we are committed to providing up-to-date information on the most prevalent threats and tactics used by malicious actors to target both organizations and individuals. In this analysis, we delve into a python-based information stealer, Akira. This report is a comprehensive investigation of this information stealer malware, unfolding its functionality and capabilities.…
Threat hunting encompasses a range of techniques and approaches aimed at discovering anomalies, threats, and risks associated with attacker activities. In the early days, log review by diligent system administrators was how these anomalies were detected, usually after the fact. This evolved into more structured methodologies created by security experts that attempted to identify these activities in real time.…
By Ernesto Fernández Provecho and David Pastor Sanz (Threatray) · October 16, 2023
Discord is the first choice for gamers when they want to chat with some friends while playing an online computer game. Moreover, it is also a major choice for users that simply want to communicate with their friends and family.…
ToddyCat is an advanced APT actor that we described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia.
Our first publication was focused on their main tools, Ninja Trojan and Samurai Backdoor, and we also described the set of loaders used to launch them.…