Tag: DISCOVERY

Ransomware potentially targeting organizations dealing in Critical Infrastructure

“TargetCompany” is a type of ransomware that was first identified in June 2021. The researchers named it TargetCompany ransomware because it adds the targeted company name as a file extension to the encrypted files. In September 2022, researchers identified a TargetCompany ransomware variant targeting Microsoft SQL servers and adding the “Fargo” extension to the encrypted files.…

Read More
Executive Summary SentinelOne has observed prominent threat actors abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses. Investigations into these intrusions led to the discovery of POORTRY and STONESTOP malware, part of a small toolkit designed to terminate AV and EDR processes.…
Read More

MuddyWater, also known as Static Kitten and Mercury, is a cyber espionage group that’s most likely a subordinate element within Iran’s Ministry of Intelligence and Security (MOIS).

Since at least 2017 MuddyWater has targeted a range of government and private organizations across sectors, including telecommunications, local government, defense, and oil and natural gas organizations, in the Middle East, Asia, Africa, Europe, and North America.…

Read More
Cybercriminals exploiting World Cup buzz to conduct malicious campaigns

The 22nd FIFA World Cup launched in Qatar on November 20th, 2022, with 32 teams battling for the trophy. With fans around the world excited about the World Cup and cheering on their favorite team, Threat Actors (TAs) are actively also taking advantage of it and using FIFA as a theme in their malicious campaigns targeting unsuspecting victims.…

Read More

ESET researchers discovered a new wiper and its execution tool, both attributed to the Agrius APT group, while analyzing a supply-chain attack abusing an Israeli software developer. The group is known for its destructive operations.

In February 2022, Agrius began targeting Israeli HR and IT consulting firms, and users of an Israeli software suite used in the diamond industry.…

Read More

Mandiant Managed Defense recently identified cyber espionage activity that heavily leverages USB devices as an initial infection vector and concentrates on the Philippines. Mandiant tracks this activity as UNC4191 and we assess it has a China nexus.

UNC4191 operations have affected a range of public and private sector entities primarily in Southeast Asia and extending to the U.S.,…

Read More

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. DEV-0139 is now tracked as Citrine Sleet.

To learn about how the new taxonomy represents the origin, unique traits, and impact of threat actors, and to get a complete mapping of threat actor names, read this blog: Microsoft shifts to a new threat actor naming taxonomy.…

Read More

Published On : 2022-09-25

Erbium Stealer Malware Report Executive Summary

The Erbium malware is an information-stealer/ info stealer, which is distributed as Malware-as- a-Service (MaaS). CYFIRMA research team observed this malware binary in Aug-2022 while carrying out threat hunting activities. The team has also observed the stealer malware being advertised on Russian-speaking hacker forums.…

Read More
Threat Actors using Shortened URLs to infect Users

Deceptive phishing is the preferred way for cybercriminals to distribute malware since luring the victim into clicking a link in a likely phishing SMS or Email is easier. The Threat Actor(TA) usually uses brand impersonation in phishing campaigns to trick the users into believing that they are reputed and legitimate.…

Read More
New Variant of Ransomware Targeting Chile

Most organizations experienced an increase in cyber-attacks during the COVID-19 pandemic. Threat Actors (TAs) leveraged the COVID-19 pandemic as a thematic lure to infect users with different malware families. This pandemic theme related to cyber-attacks has reduced in 2022. However, TAs are still utilizing their arsenal of malicious programs to target users who track information related to Covid-19 infection.…

Read More

There’s a common saying in cyber security, “you can’t protect what you don’t know,” and this applies perfectly to the attack surface of any given organization.

Many organizations have hidden risks throughout their extended IT and security infrastructure. Whether the risk is introduced by organic cloud growth, adoption of IoT devices, or through mergers and acquisitions, the hidden risk lies dormant.…

Read More

December 8, 2022 update – Reflected additional research on Boa-related CVEs and updated supply chain diagram.

Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially to targets in sensitive industries.…

Read More
LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta. Cisco Talos identified several variants and altered versions of LodaRAT with updated functionality have been seen in the wild. Changes in these LodaRAT variants include new functionality allowing proliferation to attached removable storage, a new string encoding algorithm and the removal of “dead” functions A relatively unknown VenomRAT variant named S500 has been observed deploying LodaRAT.…
Read More