RedCurl’s Ransomware Debut: A Technical Deep Dive
This research by Bitdefender Labs introduces the QWCrypt ransomware campaign, linked to the RedCurl group, marking a significant shift in their tactics from data exfiltration to ransomware. RedCurl has been operating since 2018 but has historically utilized Living-off-the-Land techniques for corporate espionage. Their targeting of specific infrastructures and the use of hypervisor encryption underscores a sophisticated evolution in their operational strategy, raising questions regarding their motivations and business model.…
From Espionage to PsyOps: Tracking Operations and Bulletproof Providers of UACs in 2025
This report details the activities of Russia-aligned intrusion sets UAC-0050 and UAC-0006, which have been engaged in financially and espionage-motivated spam campaigns targeting various entities globally, particularly in Ukraine. They employ psychological operations, utilize malware for financial theft, and rely on bulletproof hosting providers to obfuscate their infrastructure.…
Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor Attacks
The article discusses the ongoing threat posed by Raspberry Robin, a sophisticated initial access broker (IAB) linked to various cybercriminal organizations, particularly those connected to Russia. It highlights recent findings such as the discovery of nearly 200 unique command and control domains, the involvement of Russian GRU’s Unit 29155, and the threat actor’s evolution in attack methodologies.…
Rapid7 MDR Supports AWS GuardDuty’s New Attack Sequence Alerts
AWS GuardDuty has introduced two new alerts, “Potential Credential Compromise” and “Potential S3 Data Compromise”, to enhance threat detection by correlating multiple signals over time, which aids in detecting sophisticated attacks. These improvements allow for rapid response to potential threats, supported by Rapid7’s Managed Threat Complete and InsightCloudSec services.…
Adversarial AI Digest — 20 March, 2025
This article presents a comprehensive overview of the latest research and insights into AI security, including vulnerabilities in AI technologies, evaluation criteria for AI security products, and autonomous ethical hacking methods. Various reports and upcoming events focused on AI security challenges are also highlighted. Affected: AI security products, UK AI research sector, open-source AI, cybersecurity industry.…
Securing XIoT in the Era of Convergence and Zero Trust
The article discusses the rise of the Extended Internet of Things (XIoT) and its implications for cybersecurity. As connected devices proliferate, they increase automation and innovation while also expanding the attack surface for potential cyber threats. The convergence of IT and XIoT environments necessitates a shift to Zero Trust security models to safeguard critical infrastructure.…
SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware
Trend Research’s analysis of SocGholish’s MaaS framework highlights its critical role in delivering RansomHub ransomware via compromised websites. Using highly obfuscated JavaScript loaders, SocGholish evades detection and successfully executes malicious tasks. Notably, the framework provides the initial access for ransomware attacks, mainly affecting government entities in the United States.…
The SOC files: Chasing the web shell
This article details a SOC investigation uncovering a sophisticated web shell employed by Chinese-speaking threat actors. The analysis reveals the web shell’s capabilities as a lightweight exploitation framework and outlines practical detection strategies for security teams. Affected: government infrastructure, web servers, Chinese-speaking threat actors

Keypoints:

Web shells have evolved beyond basic command execution to include lightweight exploitation capabilities.…
This article discusses various cybersecurity threats, including remote code execution and denial-of-service vulnerabilities affecting Oracle WebLogic Server and MongoDB Mongoose, as well as insider threats involving ransomware gangs and malicious software. Key points from the article also highlight the rise of AI threats, phishing attacks during California wildfires, and vulnerabilities in popular software like 7-Zip.…
Summary: Cybersecurity firm Field Effect successfully thwarted a cyberattack exploiting vulnerabilities in SimpleHelp’s Remote Monitoring and Management software. The attackers utilized the Sliver backdoor to infiltrate networks and executed several post-compromise tactics, which could have led to ransomware deployment had the attack not been detected and mitigated.…
Sophos Completes Acquisition of Secureworks
Summary: Sophos has completed its 9 million acquisition of SecureWorks, aiming to enhance its security service offerings. This deal will integrate SecureWorks’ Taegis XDR platform with Sophos’ managed detection and response services to expand their market reach. Both companies will continue to operate as usual while leveraging their combined resources to bolster threat intelligence and security capabilities.…
RST TI Report Digest: 03 Feb 2025
This report synthesizes findings from 51 threat intelligence articles, highlighting key cyber threats and actors targeting various sectors. Notable threats include LockBit ransomware, the TorNet backdoor campaign, and QBot resurgence, utilizing sophisticated tactics and diverse malware. Affected: financial institutions, government entities, telecommunications, general cybersecurity sector

Keypoints:

A rise in cyber attacks targeting financial institutions and government sectors.…
Ongoing Email Bombing Campaigns Leading to Remote Access and Data Exfiltration
eSentire reports a rise in Email Bombing attacks linked to ransomware campaigns, where threat actors exploit spam emails and Microsoft Teams impersonation to gain access to victims’ systems. Recommendations include restricting access to external communications and enhancing security training for users. Affected: organizations, individuals, Microsoft Teams, email systems

Keypoints:

Rise in Email Bombing attacks observed by eSentire.…