Turkey’s Attacking APT Groups and Attack Analyses
This study offers a comprehensive examination of Advanced Persistent Threats (APTs), focusing on their dynamics, techniques employed, and preventive measures. The article discusses the identification of APTs, the reasons behind attacks on Turkey, and their geopolitical and economic impacts. Furthermore, it explains the concept of Tactics, Techniques, and Procedures (TTP), their subdivision into sub-techniques, and details effective strategies to mitigate APT attacks.…
Healthcare Malware Hunt, Part 1: Philips DICOM Viewers
The article discusses a campaign by the China-based Advanced Persistent Threat (APT) group Silver Fox, which exploited vulnerabilities in Philips DICOM viewers to deploy malware such as a Remote Access Tool (RAT), keyloggers, and crypto miners targeting healthcare organizations. The healthcare sector remains a significant target for cyberattacks, necessitating robust security measures.…
Cellebrite zero-day exploit used to target phone of Serbian student activist – Amnesty International Security Lab
Amnesty International’s Security Lab revealed a case of Cellebrite’s forensic tools being misused to surveil a youth activist in Serbia. Subsequent investigations indicated that the Serbian authorities continue to exploit such tools for illegitimate surveillance of civil society despite international criticism. Further research highlighted zero-day vulnerabilities in Android USB drivers potentially affecting over a billion devices.…
Securonix Threat Labs Monthly Intelligence Insights – January 2025
The Monthly Intelligence Insights report for November 2024 by Securonix Threat Labs highlights critical cybersecurity threats, incidents, and responses, including notable breaches involving Cyberhaven and the exploitation of Ivanti vulnerabilities. Organizations are urged to enhance their security measures, such as updating software and implementing more vigilant monitoring systems.…
Resecurity | DragonForce Ransomware Group is Targeting Saudi Arabia
The DragonForce ransomware group has recently targeted organizations in the Kingdom of Saudi Arabia, resulting in the significant exfiltration of over 6 TB of confidential data from a major real estate and construction firm. The incident highlights a worrying trend of cyber threats against critical infrastructure in the region, indicating a potential expansion beyond the MENA area.…
Play Ransomware: Exposing One of 2024’s Greediest Cyber Extortionists
Play ransomware, also known as PlayCrypt, is a cybercrime organization that emerged in 2022 and targets organizations globally through sophisticated double-extortion tactics. They encrypt systems after exfiltrating sensitive data, demanding communication via email without revealing ransom amounts. The group has struck over 300 entities across multiple sectors such as telecommunications, healthcare, and government.…
Linux Detection Engineering – The Grand Finale on Linux Persistence – Elastic Security Labs
This article concludes the “Linux Persistence Detection Engineering” series by exploring advanced persistence mechanisms in Linux. Key topics include manipulation of GRUB and initramfs for persistence, exploitation of PolicyKit (Polkit) permissions, D-Bus configuration for unauthorized access, and NetworkManager dispatcher scripts. Readers are equipped with practical examples and detection strategies to bolster their defenses against Linux persistence threats.…
The Ultimate Black Basta Chat Leak Part 2 – Veeam & Confluence
This article analyzes the tactics, techniques, and procedures (TTPs) of the LockBit and Black Basta ransomware groups, specifically focusing on their exploitation of Confluence software. Their similarities and differences are explored, along with methods for detection and incident response. Tools used for attacks, the attack flow, and risks involved are highlighted, along with suggestions for monitoring and protection strategies.…
North Korean Hacking Group Konni’s Malware – Direction for Money Laundering Prevention Supervision for Virtual Asset Operators (2025.2.18)
This article discusses malware linked to the North Korean hacking group Konni, which is disguised as a file related to virtual asset operators’ anti-money laundering guidelines. The malware uses PowerShell commands embedded within a LNK file to execute further malicious activities, including data theft and persistence techniques.…
IntelBroker: The Rising Threat Actor in the Cybercrime Landscape
IntelBroker is a sophisticated cyber adversary linked to various high-profile data breaches and illicit data trading, operating primarily through BreachForums. The actor has developed ransomware, conducted significant breaches, and engaged in dark web data sales. Their evolving techniques present ongoing challenges to various sectors. Affected: Cybersecurity, E-commerce, Government, Technology, Aviation

Keypoints:

IntelBroker is a highly active cybercriminal responsible for numerous data breaches and ransomware campaigns.…
Summary: The first quarter of 2025 saw intensified cyber threats as cybercriminals launched sophisticated malware attacks, including the NetSupport RAT and Lynx Ransomware. A range of malware families employed advanced tactics for infiltration, persistence, and data exfiltration, leaving organizations vulnerable to significant breaches. Utilizing real-time analysis tools like ANY.RUN…
SPYLEND: The Android App Available on Google Play Store: Enabling Financial Cyber Crime & Extortion
This report discusses the malicious Android app “SpyLend,” disguised as a legitimate finance application. It exploits location-based targeting to facilitate predatory lending practices against Indian users, leading to data harvesting and potential extortion. The findings emphasize the ongoing risks associated with questionable mobile applications available on platforms like the Google Play Store.…
Fake CAPTCHA Malware Campaign: How Cybercriminals Use Deceptive Verifications to Distribute Malware
The rise of the “ClickFix” technique has enabled cybercriminals to exploit fake CAPTCHA verification processes, facilitating sophisticated phishing and malware distribution campaigns. Through deceptive methods, such as mimicking legitimate security checks, threat actors can deliver malware like Lumma Stealer, steal sensitive information, and bypass security measures.…
Escape | VulnLab – Ever Heard of Windows Kiosk Mode? No? Well, It’s Time to Learn!
This article outlines a penetration testing experience on a VulnLab machine utilizing Kiosk Mode. The author showcases methods to gain access and escalate privileges, particularly through RDP and exploiting Microsoft Edge. The journey includes discovering sensitive files, using tools like BulletsPassView, and successfully bypassing User Account Control (UAC) to achieve SYSTEM-level access.…
Ransomware 2025: Attacks Keep Rising as Threat Shows its Resilience
Qilin ransomware, initially developed in Go and later in Rust, targets various platforms like Windows, Linux, and ESXi. In June 2024, a significant attack on London hospitals was claimed by Stinkbug, leading to considerable disruptions. The updated version, Qilin.B, introduced advanced encryption and evasion techniques, while attackers increasingly utilize living-off-the-land tools for data exfiltration and security software impairment.…