The report discusses Iranian intelligence and military entities associated with the Islamic Revolutionary Guard Corps (IRGC) involved in cyber activities targeting Western countries through their network of contracting companies. Four known intelligence and military organizations linked to the IRGC engage with cyber contractors. Iranian threat groups linked to the network of contracting parties have launched espionage and ransomware attacks and are leading efforts to destabilize target countries through information operations.…
Tag: HEALTHCARE
Headlace backdoor capable of facilitating multiple malicious actions on objectives.
It is unclear precisely how many entities were impacted by the campaign, but our analysis indicates that organizations in the following countries were targeted: Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia and Romania.…
Targeted attacks
Unknown threat actor targets power generator with DroxiDat and Cobalt Strike
Read More Earlier this year, we reported on a new variant of SystemBC called DroxiDat that was deployed against a critical infrastructure target in South Africa. This proxy-capable backdoor was deployed alongside Cobalt Strike beacons.…
For the latest discoveries in cyber research for the week of 27th November, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Nevada-based medical transcription company, Perry Johnson & Associates (PJ&A), has disclosed a data breach that affected more than 9M patients at multiple healthcare providers in the US.…
December 2022, the automated synchronized fluxing of dynamic DNS records across Telegram channels and Telegraph sites at scale points to a potential elevation in actor resources and capability devoted to ongoing operations. In addition, by deploying multiple consecutive stages of Hive0051’s exclusive Gamma variant malware, the actor is able to remap victims to separate sets of actor-controlled C2 fluxing clusters.…
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Blockchain, Botnets, Hexadecimal IP notation, Infostealers, and Ransomware. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure…
Estimated reading time: 5 minutes
Our recent research has highlighted the presence of the MedusaLocker ransomware, which first surfaced in mid-2019. Its primary targets are the Hospital and Healthcare industries. MedusaLocker employs AES and RSA encryption techniques to encrypt victims’ data.
Technical analysis
At the start, it performs a check for the presence of a Mutex.…
Our recent research has highlighted the presence of the MedusaLocker ransomware, which first surfaced in mid-2019. Its primary targets are the Hospital and Healthcare industries. MedusaLocker employs AES and RSA encryption techniques to encrypt victims’ data.
Technical AnalysisAt the start, it performs a check for the presence of a Mutex.…
Security teams are well aware of the growing problem of software supply chain attacks, but it’s essential that organizations stay abreast of the various threats posed to software supply chains.
One of the pain points that organizations need to learn more about and defend against is malicious campaigns found on open-source software repositories.…