What Is Fileless Malware? S1Ep2: Operation Cobalt Kitty
This article examines "Operation Cobalt Kitty," a sophisticated cyberattack targeting financial companies in Asia. The attackers relied primarily on fileless malware, spear-phishing, and DNS tunneling to gain access to sensitive systems and maintain persistence. The operation illustrates the damage fileless malware can do and how it evaded the security controls already in place.…
Read More
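DNS tunneling, as used in Cobalt Kitty for command and control, encodes data into subdomain labels, so a defender's first heuristic is to look for a client sending many long, high-entropy, unique prefixes under one domain. The following is an added example, not code from the article or from the Cobalt Kitty report: it scores a constructed DNS query log (the log format and the hosts and domains in it are assumed) per client and base domain, flagging groups whose leftmost labels are numerous, long and high-entropy. The two-label base-domain approximation is an assumption; a real deployment would use the public suffix list.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log for this example (not from the article).
# Assumed line format: "<timestamp> <client_ip> <qtype> <qname>".
# Host 10.0.0.7 issues many TXT queries with long hex labels under one
# domain, the pattern a tunnel produces; the other hosts look ordinary.
SAMPLE_LOG = """\
2025-01-22T10:00:01Z 10.0.0.5 A www.example.com
2025-01-22T10:00:02Z 10.0.0.5 A mail.example.com
2025-01-22T10:00:04Z 10.0.0.5 AAAA www.example.com
2025-01-22T10:00:05Z 10.0.0.7 TXT 5a3b9f0e1c2d4e6f7a8b9c0d1e2f3a4b.relay.example.net
2025-01-22T10:00:05Z 10.0.0.7 TXT 9c8d7e6f5a4b3c2d1e0f9a8b7c6d5e4f.relay.example.net
2025-01-22T10:00:06Z 10.0.0.7 TXT 0f1e2d3c4b5a69788796a5b4c3d2e1f0.relay.example.net
2025-01-22T10:00:06Z 10.0.0.7 TXT a1b2c3d4e5f60718293a4b5c6d7e8f90.relay.example.net
2025-01-22T10:00:07Z 10.0.0.7 TXT ffeeddccbbaa99887766554433221100.relay.example.net
2025-01-22T10:00:08Z 10.0.0.9 A cdn.example.org
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_log(text: str):
    """Return (client, qtype, qname) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qtype, qname = parts
        records.append((client, qtype.upper(), qname.rstrip(".").lower()))
    return records


def base_domain(qname: str) -> str:
    """Registrable domain approximated as the last two labels (assumption:
    no public-suffix list; real deployments should consult one)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def score_domains(records, min_unique=4, entropy_threshold=3.5, length_threshold=20):
    """Group queries per (client, base domain) and flag groups whose leftmost
    labels are numerous, long and high-entropy, the signature of data encoded
    into subdomains. Returns {(client, base): stats} for flagged groups only."""
    groups = defaultdict(list)
    for client, qtype, qname in records:
        groups[(client, base_domain(qname))].append((qtype, qname))

    flagged = {}
    for key, queries in groups.items():
        base = key[1]
        # The leftmost label carries the payload in most tunnels.
        labels = {q.split(".")[0] for _, q in queries if q != base}
        if len(labels) < min_unique:
            continue
        mean_entropy = sum(shannon_entropy(lab) for lab in labels) / len(labels)
        mean_len = sum(len(lab) for lab in labels) / len(labels)
        txt_share = sum(1 for t, _ in queries if t in ("TXT", "NULL")) / len(queries)
        if mean_entropy >= entropy_threshold or mean_len >= length_threshold:
            flagged[key] = {
                "unique_prefixes": len(labels),
                "mean_entropy": round(mean_entropy, 2),
                "mean_label_len": round(mean_len, 1),
                "txt_null_share": round(txt_share, 2),
            }
    return flagged


if __name__ == "__main__":
    for (client, base), stats in score_domains(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {base}: {stats}")
```

The entropy and length thresholds are starting points to tune against your own resolver logs; CDNs and some telemetry domains also generate long labels, so the TXT/NULL share and the unique-prefix count are what separate a tunnel from a noisy but legitimate domain.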
Advanced Threat Detection: Exploitation Tactics from a CIRT Technical Interview
This article examines two scenarios in which attackers exploit misconfigured Redis servers and use cloud storage resources to deliver and execute malicious scripts, gaining unauthorized access. The techniques involved underline the need for proactive defensive measures. Affected: Redis servers, macOS systems

Keypoints:

Attackers exploit misconfigurations in Redis services to execute remote commands.…
Read More
Four Critical Ivanti CSA Vulnerabilities Exploited, CISA and FBI Urge Mitigation
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory on the active exploitation of four vulnerabilities in Ivanti Cloud Services Appliance (CSA): CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380. Chained together, they can lead to unauthorized access, remote code execution, and credential theft.…
Read More
Malicious driver from Equation APT
This article analyzes a malicious driver associated with the APT group Equation, detailing its functionality and methods of operation, including string decryption, API resolving, and registry manipulation. The write-up includes links to download the sample and access a decryption script. Affected: APT Equation, Microsoft Windows

Keypoints:

The malicious driver is linked to the APT group Equation.…
Read More
Dark Web Profile: OilRig (APT34)
OilRig, also known as APT34, is a state-sponsored APT group linked to Iranian intelligence, primarily targeting sectors like government, energy, finance, and telecommunications. Their sophisticated cyber-espionage tactics include spear-phishing and custom malware, making them a persistent threat across the Middle East and beyond. Affected: government, energy, financial, telecommunications sectors

Keypoints:

OilRig is a state-sponsored APT group associated with Iranian intelligence.…
Read More
PlushDaemon compromises supply chain of Korean VPN service
ESET researchers have uncovered a previously undisclosed APT group, PlushDaemon, linked to China, which executed a supply-chain attack on a South Korean VPN developer in 2023. The attackers replaced the legitimate VPN installer with a malicious version that deployed a sophisticated backdoor known as SlowStepper. This backdoor features a comprehensive toolkit with over 30 components, allowing extensive cyber espionage capabilities.…
Read More

Victim: www.manpower.com
Country: US
Actor: ransomhub
Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/7e8f5d6f-7f01-492b-a902-763c7e8dbf14/
Discovered: 2025-01-22 19:04:59.541944
Published: 2025-01-22 19:03:44.335166
Description:

Global workforce solution company
Specializes in recruitment and staffing services
Covers a broad range of industries and skills
Expertise in temporary, permanent, and contractual staffing
Offers a full suite of solutions including recruitment, assessment, training, and consultation
Helps companies find the right talent
Opens up employment opportunities for individuals

About Country: US

– Cybersecurity Landscape: The US is a global leader in cybersecurity innovation, hosting numerous tech companies developing advanced cybersecurity solutions.…

Read More
Hidden Threats of Game Assistants | Analysis Report on the “Catlavan” Backdoor Spread in Gaming Forums
As the online gaming user base grows, so does the gray market for cheats and auxiliary software, which has also become a channel for spreading malware. Using BinaryAI's malicious file detection, the report identifies a recent attack targeting users of Russian gaming forums, linked to a backdoor named "Catlavan."…
Read More
Targeted supply chain attack against Chrome browser extensions
This article discusses a supply chain attack on Chrome browser extensions that began in December 2024, in which attackers phished extension developers, took over their publishing access, and pushed malicious versions of the extensions. The compromised extensions put sensitive user data at risk, including authentication tokens. Investigations revealed the attackers' methods and infrastructure, highlighting the ongoing risk of supply chain compromise through trusted developer accounts.…
Read More
Tracking Down APT Group WIRTE’s DNS Movements
The WIRTE APT group has been active since 2018, primarily targeting organizations in the Middle East and Europe, including government and financial sectors. Recent activities have focused on Middle Eastern entities, utilizing custom loaders like IronWind. A comprehensive analysis revealed 56 indicators of compromise (IoCs) and additional artifacts, highlighting the group’s ongoing threat.…
Read More
Imperva Protects Against the Exploited CVEs in the Cleo Data Theft Attacks
The Clop ransomware group has exploited critical vulnerabilities (CVE-2024-50623 and CVE-2024-55956) in Cleo’s managed file transfer software, leading to unauthorized access and data exfiltration. Imperva has observed over 1 million attempts to exploit these vulnerabilities across various industries, particularly targeting the Financial Services and Government sectors.…
Read More
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
Sophos X-Ops' Managed Detection and Response (MDR) has reported on two active threat clusters, STAC5143 and STAC5777, which abuse Microsoft Office 365 to infiltrate organizations for data theft and ransomware deployment. Their tactics include email bombing, fake tech-support calls over Microsoft Teams, and abuse of remote-control tools. Both clusters overlap in technique with known threat groups such as FIN7 and Storm-1811.…
Read More
Russian ransomware hackers increasingly posing as tech support on Microsoft Teams
Summary: Russian cybercriminals are executing a new scam by impersonating tech support on Microsoft Teams to install ransomware on victims’ networks. British cybersecurity firm Sophos reported over 15 incidents involving two groups leveraging Microsoft Office 365 settings for social engineering attacks. The report highlights connections between one group and Storm-1811, while the other may have ties to the FIN7 cybercrime group.…
Read More
InvisibleFerret Malware: Technical Analysis
The article discusses the emergence of InvisibleFerret malware, which is being spread through fake job interviews targeting developers in the tech and cryptocurrency sectors. This malware is part of a broader campaign that includes other malware like BeaverTail. InvisibleFerret is designed to steal sensitive information and operates silently, making it difficult to detect.…
Read More
Victim: IntelBroker | IntelBroker
Price: Not disclosed
Data: Email addresses, IP addresses, operational tactics
Keypoints:

Cybercriminal Profile: IntelBroker is a prominent figure in the cybercrime landscape, known for high-profile data breaches and ransomware attacks.
Notable Breaches: His portfolio includes breaches of major entities like AMD, Europol, and Cisco.…
Read More
Grenoble University Hospital Thwarted Cyber Intrusion Attempt with No Medical Data Breach Detected
Date Reported: 2025-01-13
Country: FRA | France
Victim: CHU de Grenoble | Grenoble University Hospital
Website: chu-grenoble.fr
Additional Information:

The Grenoble University Hospital was targeted by a cyber intrusion attempt on January 13. Thanks to its security procedures, no medical data exfiltration has been detected so far.…
Read More