Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
This post is also available in: 日本語 (Japanese)
Executive SummaryRoyal ransomware has been involved in high-profile attacks against critical infrastructure, especially healthcare, since it was first observed in September 2022. Bucking the popular trend of hiring affiliates to promote their threat as a service, Royal ransomware operates as a private group made up of former members of Conti.…
In recent years, ransomware operations have emerged as highly profitable cybercrime schemes. Numerous companies have suffered immense financial, data, and reputation losses due to such attacks. Typically, cybersecurity researchers tend to concentrate on prominent ransomware groups that run extensive Ransomware-as-a-Service (RaaS) operations.…
After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.
We discovered a new campaign by Earth Longzhi (a subgroup of APT41) that targets organizations based in Taiwan, Thailand, the Philippines, and Fiji.…
Ransomware has been one of the most glaring threats against organizations in recent years. Since 2021 SOCRadar has detected around 5,600 ransomware attacks. There was a rise from 2021 to 2022 in the number of attacks detected. This trend seems to continue in 2023 because even though it is not half of the year, there is already half the number of attacks detected compared to 2021.…
Malware loaders are programs or scripts that have been created to install and run different types of malware on a victim’s computer system. The main objective of a malware loader is to avoid detection and continue operating on the victim’s computer by downloading and executing additional malicious software.…
ESET researchers have discovered a campaign that we attribute to the APT group known as Evasive Panda, where update channels of legitimate applications were mysteriously hijacked to deliver the installer for the MgBot malware, Evasive Panda’s flagship backdoor.
Key points of the report:
Users in mainland China were targeted with malware delivered through updates for software developed by Chinese companies.…By Securonix Threat Labs, Threat Research: Den Iuzvyk, Tim Peck, Oleg Kolesnikov
TL;DRThe Securonix Threat Research team (STR) has recently observed a new attack campaign tracked by Securonix as OCX#HARVESTER. Some of the malicious payloads leveraged as part of the attack campaign observed appear to be related to the More_eggs malicious payloads reported earlier [1].…
ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. Operation DreamJob is the name for a series of campaigns where the group uses social engineering techniques to compromise its targets, with fake job offers as the lure. In this case, we were able to reconstruct the full chain, from the ZIP file that delivers a fake HSBC job offer as a decoy, up until the final payload: the SimplexTea Linux backdoor distributed through an OpenDrive cloud storage account.…
Over the past several months, Sophos X-Ops has investigated multiple incidents where attackers attempted to disable EDR clients with a new defense evasion tool we’ve dubbed AuKill. The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying either a backdoor or ransomware on the target system.…
In recent years, malware attacks have become increasingly sophisticated, and attackers are always finding new ways to exploit vulnerabilities and steal sensitive data. To stay ahead of these threats, security researchers must constantly monitor the landscape and identify new threats as they emerge. In this article, we’ll take a closer look at the findings of a recent study conducted by Zscaler’s ThreatLabz team, which uncovered a new backdoor built using Free Pascal that has the ability to steal data from infected systems.…
Published On : 2023-04-10
EXECUTIVE SUMMARYResearch team at CYFIRMA has recently identified and published a report on a new European threat actor group called FusionCore. The group operates Malware-as-a-service and hacker- for-hire operations. They offer a variety of tools and services on their website to purchase cost- effective yet customizable malware.…
Cyble Research and Intelligence Labs (CRIL) came across a new ransomware group named Money Message. Money Message can encrypt network shares and targets both Windows and Linux operating systems. Upon analyzing Money Message binaries, we noticed a similarity: they contained admin credentials in the configuration, which were then used to target network resources.…
By John Fokker, Ernesto Fernández Provecho and Max Kersten · April 05, 2023
We would like to thank Steen Pedersen and Mo Cashman for their remediation advice.
On the 4th and the 5th of April, a law enforcement taskforce spanning agencies across 17 countries – including the FBI, Europol and the Dutch Police – have disrupted the infamous browser cookie market known as Genesis Market and approached hundreds of its users.…
Research by: Jiri Vinopal, Dennis Yarizadeh and Gil Gekker
Key Findings:
Check Point Research (CPR) and Check Point Incident Response Team (CPIRT) encountered a previously unnamed ransomware strain, we dubbed Rorschach, deployed against a US-based company. Rorschach ransomware appears to be unique, sharing no overlaps that could easily attribute it to any known ransomware strain.…Proxyjacking has Entered the Chat | Sysdig
Did you know that you can effortlessly make a small passive income by simply letting an application run on your home computers and mobile phones? It lets others (who pay a fee to a proxy service provider) borrow your Internet Protocol (IP) address for things like watching a YouTube video that isn’t available in their region, conducting unrestricted web scraping and surfing, or browsing dubious websites without attributing the activity to their own IP.…
Published On : 2023-04-03
EXECUTIVE SUMMARYThe CYFIRMA research team has identified a new up-and-coming European threat actor group known as FusionCore. Running Malware-as-a-service, along with the hacker-for- hire operation, they have a wide variety of tools and services that are being offered on their website, making it a one-stop-shop for threat actors looking to purchase cost- effective yet customizable malware.…
Splunk is committed to using inclusive and unbiased language. This blog post might contain terminology that we no longer use. For more information on our updated terminology and our stance on biased language, please visit our blog post. We appreciate your understanding as we work towards making our community more inclusive for everyone.…
By Securonix Threat Research: D.Iuzvyk, T.Peck, O.Kolesnikov
Sept. 25, 2023, updated Sept. 27, 2023, updated Oct. 6, 2023
tldr:Securonix Threat Research recently discovered an attack campaign appearing to originate from the threat group UAC-0154 targeting victims using a Pilot-in-Command (PIC) Drone manual document lure to deliver malware.…