Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Tag: HUNT
Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing
December 2022, the automated synchronized fluxing of dynamic DNS records across Telegram channels and Telegraph sites at scale points …
Elastic Security Labs is disclosing a novel intrusion targeting blockchain engineers of a crypto exchange platform. The intrusion leveraged a combination of custom and open source capabilities for initial …
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report …
Threat hunting encompasses a range of techniques and approaches aimed at discovering anomalies, threats, and risks associated with attacker activities. In the early days, log review by diligent system administrators …
By Ernesto Fernández Provecho and David Pastor Sanz (Threatray) · October 16, 2023
Discord is the first choice for gamers when they want to chat with some friends while playing …
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response …
Executive Summary
An advanced persistent threat (APT) group suspected with moderate-high confidence to be Stately Taurus engaged in a number of cyberespionage …
eSentire, a top global Managed Detection and Response (MDR) security services provider, intercepted and shut down three separate ransomware attacks launched by affiliates of the notorious, Russia-linked LockBit …
As a national CERT we analyse all kinds of incidents. Some of them involve widespread APT campaigns; other times we just focus on everyday threats. Recently we …
New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware
phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, …
On June 15, 2023, Mandiant released a blog post detailing an 8-month-long global espionage campaign conducted by a Chinese-nexus threat group tracked as UNC4841. In this follow-up blog post, we …
Welcome to this week’s edition of the Threat Source newsletter.
I’m covering for Jon this week whilst he takes some well-deserved holiday. What’s on my mind this week? Well, apart …
Analysis and Report by Fabian Marquardt (@marqufabi)
Recently, Telekom Security CTI was made aware via trust groups in which we are engaged about a new malware campaign that is distributed …
Mandiant recently published a blog post about the compromise of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Appliances related to the zero-day vulnerability tracked as CVE-2023-3519. CVE-2023-3519 is …
If you thought that falling victim to ransomware, or a hacker hijacking your workstation was a nightmare, consider the potential catastrophe of having your Kubernetes (k8s) cluster hijacked. It could …
Trustwave SpiderLabs discovered a new version of the Rilide Stealer extension targeting Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera. This malware uses a creative way to …
During a recent proactive hunt for malicious mobile malware, Sophos X-Ops researchers from SophosLabs discovered a group of four credential-harvesting apps targeting customers of several Iranian banks. Most of the …
In cloud environments, cryptojacking – a type of cyberattack that uses computing power to mine cryptocurrency – takes the form of cloud compute resource abuse, which involves a threat actor …
Last month of May we were talking about the new APT29 campaign that we called “Information”. Recently, just a week ago, an unknown actor used similar techniques to APT29. This …
In the first half of 2023, Mandiant Managed Defense has observed a threefold increase in the number of attacks using infected USB drives to steal secrets. Mandiant tracked all of …
We all have thoughts that keep us up at night.
Will the ticking noise the car made end up being an expensive repair? When will YouTube superstar John Hammond respond …
WhiteSnake Stealer first appeared on hacking forums at the beginning of February 2022.
The stealer collects data from various browsers such as Firefox, Chrome, Chromium, Edge, Brave, Vivaldi, …
During the week of February 20, 2023, Sophos X-Ops MDR team received two separate requests for threat hunts related to unusual activity in two customers’ Microsoft 365 (formerly Office 365) …
The Trickbot/Conti Crypters: Where Are They Now?
blog we published last May. One year on, ITG23 has experienced many organizational changes, splintering into factions and forging new relationships. Despite these …
On May 23, 2023, Barracuda announced that a zero-day vulnerability (CVE-2023-2868) in the Barracuda Email Security Gateway (ESG) had been exploited in-the-wild as early as October 2022 and that they …
By Securonix Threat Labs, Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov
tldr: As malware for Apple’s OSX operating system gains more and more traction, in this article, we’ll share some …
ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)
ITG10, and aimed at delivering RokRAT malware, similar to what has been observed by …
UPDATED: 1 June 2023 @ 1733 ET – Added shareable Huntress YARA rule for assistance in detection effort
UPDATED: 1 June 2023 @ 2023 ET – Added Kostas community Sigma rule …
A Data-Driven Approach based on Analysis of Network Telemetry
This blog post seeks to draw out some high-level trends and anomalies based on our ongoing tracking of QakBot command and …
Information stealer (or infostealer) is a malware family designed to gather and exfiltrate sensitive information from the infected host. This threat became widespread over the past few …
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This …
Ever since it first appeared in late 2021, the Raspberry Robin malware campaign has been propagating globally. A number of threat intelligence reports by vendors such as RedCanary …
Infoblox analyzes over 70 billion DNS records each day, along with millions of domain-related records from other sources, to identify suspicious and malicious domains throughout the internet. Our algorithms …
Identifying Connected Infrastructure and Management Activities
Introduction
This blog post seeks to build on recent public reporting on campaigns attributed to SideCopy, a Pakistani-linked threat group. SideCopy has been active …
Our team is tracking in-the-wild exploitation of zero-day vulnerabilities against PaperCut MF/NG which allow for unauthenticated remote code execution due to an authentication bypass.
UPDATE #1 – 4/25/23 @ 11am …
Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures (TTPs). Specifically, …
In recent years, malware attacks have become increasingly sophisticated, and attackers are always finding new ways to exploit vulnerabilities and steal sensitive data. To stay ahead of these threats, …
Ex-Conti and FIN7 Actors Collaborate with New Backdoor
Dave Loader, which we have linked to the Trickbot/Conti syndicate and its former members. Minodo’s code shows overlap with the Lizar (aka …