Key Takeaways TA402, a likely Palestinian-aligned advance persistent threat actor, has recently engaged in campaigns leveraging a new implant, dubbed by Proofpoint analysts as NimbleMamba.
NimbleMamba is likely a replacement for the group’s previously used LastConn implant.
These campaigns have a complex attack chain that leverages geofencing and URL redirects to legitimate sites in order to bypass detection efforts. …
Read More Tag: COLLECTION
case study below, Antlion compromised the networks of at least two other organizations in Taiwan, including another financial organization and a manufacturing company. The activity the group carried out on those networks was largely similar to the activity that is detailed in the case study, with the xPack backdoor frequently deployed and a lot of evidence of credential dumping.…
Qbot (aka QakBot, Quakbot, Pinkslipbot ) has been around for a long time having first been observed back in 2007. More info on Qbot can be found at the following links: Microsoft & Red Canary
In this case, from October 2021, we will break down how Qbot quickly spread across all workstations in an environment, while stealing browser information and emails.…
StellarParticle is a campaign tracked by CrowdStrike as related to the SUNSPOT implant from the SolarWinds intrusion in December 2020 and associated with COZY BEAR (aka APT29, “The Dukes”).
The StellarParticle campaign has continued against multiple organizations, with COZY BEAR using novel tools and techniques to complete their objectives, as identified by CrowdStrike incident responders and the CrowdStrike Intelligence team.…
Read More On November 11th, Google TAG published a blogpost about watering-hole attacks leading to exploits for the Safari web browser running on macOS. ESET researchers had been investigating this campaign the week before that publication, uncovering additional details about the targets and malware used to compromise its victims.…
Donot Team (also known as APT-C-35 and SectorE02) is a threat actor operating since at least 2016 and known for targeting organizations and individuals in South Asia with Windows and Android malware. A recent report by Amnesty International links the group’s malware to an Indian cybersecurity company that may be selling the spyware or offering a hackers-for-hire service to governments of the region.…
In 2021, Kaspersky ICS CERT experts noticed a growing number of anomalous spyware attacks infecting ICS computers across the globe.
Although the malware used in these attacks belongs to well-known commodity spyware families, these attacks stand out from the mainstream due to a very limited number of targets in each attack and a very short lifetime of each malicious sample.…
BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. A mysterious group with links to Lazarus and an unusual financial motivation for an APT. The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure.…
Cuba Ransomware Overview
Read More Over the past year, we have seen ransomware attackers change the way they have responded to organizations that have either chosen to not pay the ransom or have recovered their data via some other means. At the end of the day, fighting ransomware has resulted in the bad actors’ loss of revenue.…
Operation Dianxun Overview
Read More In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign, targeting telecommunication companies, named Operation Diànxùn.
The tactics, techniques and procedures (TTPs) used in the attack are like those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda.…
In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation Diànxùn.
In this attack, we discovered malware using similar tactics, techniques and procedures (TTPs) to those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda.…