Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Analysis and Report by Fabian Marquardt (@marqufabi)
Recently, Telekom Security CTI was made aware via trust groups in which we are engaged about a new malware campaign that is distributed via phishing emails. The malspam campaign used stolen email threads to lure victim users into clicking the contained hyperlink, which downloaded the malware.…
Sophos X-Ops is tracking an ongoing campaign, which is targeting Citrix NetScaler systems, conducted by threat actors linked to the FIN8 group [BleepingComputer, SOCRadar]. The hackers are exploiting the remote code execution, tracked as CVE-2023-3519, in a large-scale campaign.
The flaw CVE-2023-3519 (CVSS score: 9.8) is a code injection that could result in unauthenticated remote code execution.…
Agniane Stealer fraudulently takes credentials, system information, and session details from browsers, tokens, and file transferring tools. Agniane Stealer also heavily targets cryptocurrency extensions and wallets. Once it obtains the sensitive data, Agniane Stealer transfers that stolen data to command-and-control [C&C] servers, where threat actors can act upon the stolen information. …
ReversingLabs researchers have identified more than a dozen malicious packages on the npm public repository since the beginning of August, including multistage, malicious packages that placed Luna Grabber, an open-source information-stealing malware, on infected systems. In a replay of an attack uncovered two years ago, the malicious packages imitated the legitimate package noblox.js,…
We’ve previously reported on a Nokoyawa ransomware case in which the initial access was via an Excel macro and IcedID malware. This case, which also ended in Nokoyawa Ransomware, involved the threat actor deploying the final ransomware only 12 hours after the initial compromise.
This threat actor delivered a password protected ZIP file via HTML smuggling to organizations back in late October, early November 2022.…
This article is not an in-depth reverse-engineering analysis of a ransomware variant. Rather, it discusses the methods and different techniques used to uncover previous ransomware campaigns.
When a ransomware is successful out in the wild, it is a common to see cybercriminals use the same ransomware samples — slightly tweaking their codebase — to pilot other projects.…
The Monti ransomware collective has restarted their operations, focusing on institutions in the legal and governmental fields. Simultaneously, a new variant of Monti, based on the Linux platform, has surfaced, demonstrating notable differences from its previous Linux-based versions.
IntroductionThe Monti ransomware, which has both Windows and Linux-based variants, gained attention from cybersecurity organizations and researchers when it was first discovered in June 2022 because of its striking resemblance to the infamous Conti ransom ware — not just in name but also the tactics that the threat actors used.…
Summary
Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ networks with minimal use of malware, relying on tools built into the operating system, along with some normally benign software to quietly remain in these networks.…
Published On : 2023-08-23
EXECUTIVE SUMMARYAt Cyfirma, we are dedicated to providing you with up-to-date information on the most prevalent threats and tactics used by malicious actors to target both organizations and individuals. In this comprehensive analysis, we delve into an ongoing campaign orchestrated by the Remcos Remote Access Trojan (RAT).…
EclecticIQ analysts observe the malware family targeting financial information to be used for immediate gain as well as reconnaissance functions to perform initial information gathering and establish persistence.…
In March 2023, Lumen Black Lotus Labs reported on a complex campaign called “HiatusRAT” that infected over 100 edge networking devices globally. The campaign leveraged edge routers, or “living on the edge” access, to passively collect traffic and functioned as a covert network of command and control (C2) infrastructure. …
In this article, we will take a look at the latest version of an XWorm sample — a widespread malicious program that is advertised for sale on underground forums.
We will analyze the functionality of our sample, as well as extract its configuration. …
In this blogpost, ESET researchers take a look at Spacecolon, a small toolset used to deploy variants of the Scarab ransomware to victims all over the world. It probably finds its way into victim organizations by its operators compromising vulnerable web servers or via brute forcing RDP credentials.…
Note: The following is a redacted version of a larger report. For full and comprehensive details of this attack, please enquire about our CTI-on-demand service.
SummaryBlackBerry has discovered and documented new tools used by the Cuba ransomware threat group.
Cuba ransomware is currently into the fourth year of its operation and shows no sign of slowing down.…
First observed in the middle of 2021, ‘Mallox’ Ransomware has emerged as a formidable threat in the cyber crime landscape. With its ability to encrypt all volumes, including local and network shared drives, it gradually spreads its control over the system, leaving victims in a state of digital despair.…
As cyber threats continue to evolve, a new ransomware has been discovered bearing unmistakable similarities to another well-known ransomware variant, Lockbit.
It is noteworthy to point out that Lockbit’s source code was leaked around a year ago, making it possible for other threat actors to potentially develop new variants based on this.…
LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab | Sysdig
Show Table of Contents + Hide −
The Sysdig Threat Research Team (TRT) recently discovered a new, financially motivated operation, dubbed LABRAT. This operation set itself apart from others due to the attacker’s emphasis on stealth and defense evasion in their attacks.…