SUMMARY

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.…


Published in S2W BLOG, Feb 7, 2024

Author: Jiho Kim & Sebin Lee | BLKSMTH

Last Modified: Feb 7, 2024

Executive Summary

S2W threat research and intelligence center Talon has hunted for and analyzed a sample of what is believed to be new malware from the Kimsuky group on VirusTotal.…

February 1, 2024

Stately Taurus Continued – New Information on Cyberespionage Attacks against Myanmar Military Junta

On January 23rd, CSIRT-CTI published a blogpost describing a pair of campaigns believed to be launched by Stately Taurus (alias Bronze President, Camaro Dragon, Earth Preta, Mustang Panda, Red Delta, TEMP.Hex…


ESET researchers have identified twelve Android espionage apps that share the same malicious code: six were available on Google Play, and six were found on VirusTotal. All the observed applications were advertised as messaging tools apart from one that posed as a news app. In the background, these apps covertly execute remote access trojan (RAT) code called VajraSpy, used for targeted espionage by the Patchwork APT group.…


On Jan. 12, 2024, Mandiant published a blog post detailing two high-impact zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, affecting Ivanti Connect Secure VPN (CS, formerly Pulse Secure) and Ivanti Policy Secure (PS) appliances. On Jan. 31, 2024, Ivanti disclosed two additional vulnerabilities impacting CS and PS devices, CVE-2024-21888 and CVE-2024-21893.

Used in combination, the vulnerabilities allow an unauthenticated threat actor to execute arbitrary commands on the appliance with elevated privileges.…


To help defenders learn more about Pawn Storm’s activities and adjust their defenses, we offer a technical analysis of some of the threat actor’s recent and updated techniques.

Introduction

Pawn Storm (also known as APT28 and Forest Blizzard) is an advanced persistent threat (APT) actor that reuses the same tactics, techniques, and procedures (TTPs) persistently over long periods.…


ESET has collaborated with the Federal Police of Brazil in an attempt to disrupt the Grandoreiro botnet. ESET contributed to the project by providing technical analysis, statistical information, and known command and control (C&C) server domain names and IP addresses. Due to a design flaw in Grandoreiro’s network protocol, ESET researchers were also able to get a glimpse into the victimology.…

CrackedCantil: A Malware Symphony Breakdown

Lena aka LambdaMamba

I am a Cybersecurity Analyst, Researcher, and ANY.RUN Ambassador. My passions include investigations, experimentations, gaming, writing, and drawing. I also like playing around with hardware, operating systems, and FPGAs. I enjoy assembling things as well as disassembling things!…


In this article, we will explore the FalseFont Backdoor used by Peach Sandstorm APT to target defense contractors worldwide. The backdoor was initially identified and reported on by Microsoft. The malware features data exfiltration and remote access capabilities. It poses as a legitimate application from US Defense and Intelligence Contractor Maxar Technologies, and provides the user with a realistic UI and behavior.…

Key Takeaways

CRIL discovered phishing websites that pretend to be popular Mac applications and spread the Atomic Stealer (AMOS). At the time of publishing this analysis, these deceptive sites were still operational. AMOS is updated frequently, reflecting the developer's continued effort to refine its capabilities.…

ESET researchers provide an analysis of an attack carried out by a previously undisclosed China-aligned threat actor we have named Blackwood, and that we believe has been operating since at least 2018. The attackers deliver a sophisticated implant, which we named NSPX30, through adversary-in-the-middle (AitM) attacks hijacking update requests from legitimate software.…


In recent months, the Malek Team, a hacker group with alleged links to Iran, has escalated its cyber offensive against key Israeli institutions, marking a significant uptick in digital threats within the region. The Malek Team, which has previously targeted a private college in Israel, claimed responsibility for a sophisticated cyberattack on Israel’s Ziv Medical Center.…
