Last week, unknown threat actors started targeting, en masse, VMware ESXi hypervisors using CVE-2021-21974, an easily exploitable pre-authorization remote code execution vulnerability. Experts from Bitdefender …
Tag: MDR
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Since May 2022, eSentire’s Threat Response Unit (TRU) has observed 11 cases of Raspberry Robin infections. Although the initial access vector is an infected USB drive, however it’s unclear how …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
In this Threat Analysis report, the Cybereason team investigates a recent IcedID infection that illustrates the tactics, techniques, and procedures (TTPs) used in a recent campaign. IcedID, also known …
Recent attacks documented in previous months seem to be orchestrated by hacking groups using a framework called Raspberry Robin. This well-designed automated framework allows attackers post-infection capabilities to evade detection, …
Redline Stealer is one of the most popular stealers being sold and used by cybercriminals. The command and control (C2) panel does not require an attacker to log in via …
On December 2, 2022, one of our 24/7 SOC Cyber Analysts escalated an incident involving the GootLoader malware at a pharmaceutical company. eSentire’s Threat Response Unit (TRU) responded quickly and …
The Cybereason Global Security Operations Center (GSOC) issues a Purple Team Series of its Threat Analysis reports to provide a technical overview of the technologies and techniques threat actors use …
Большинство кибератак имеют финансовую мотивацию, однако в последнее время возросло число атак, цель которых — не обогащение, а нанесение ущерба жертве. Одним из инструментов таких атак являются вайперы (от англ. …
A postmortem analysis of multiple incidents in which attackers eventually launched the latest version of LockBit ransomware (known variously as LockBit 3.0 or ‘LockBit Black’), revealed the tooling used by …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by …
We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.
SummaryQAKBOT’s …
eSentire has observed a recent and significant increase in SolarMarker infections delivered through drive-by download attacks. These attacks rely on social engineering techniques to persuade users to execute …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Cybereason GSOC team analysts have analyzed a specific technique that leverages Notepad++ plugins to persist and evade security mechanisms on a machine. Following this introduction, we describe in detail how …
The Cybereason Global Security Operations Center (GSOC) Team issues Threat Analysis Reports to inform on impacting threats. The Threat Analysis Reports investigate these threats and provide practical recommendations for protecting …
Raspberry Robin and Dridex: Two Birds of a Feather
IBM Security Managed Detection and Response (MDR) observations coupled with IBM Security X-Force malware research sheds additional light on the mysterious …
Corporate espionage, also known as industrial espionage, is espionage conducted for commercial or financial purposes. One of the common misconceptions is that espionage is affecting only large corporations or government …
The Cybereason Global Security Operations Center (GSOC) Team issues Cybereason Threat Analysis Reports to inform on impacting threats. The Threat Analysis Reports investigate these threats and provide practical recommendations for …
Gootloader is a Malware-as-a-Service (MaaS) offering that is spread through Search Engine Optimization (SEO) poisoning to distribute malicious payloads, such as IcedID. Threat actors have begun using IcedID, a former …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Purple Fox malware was first discovered in 2018 and was delivered by RIG EK (Exploit Kit). However, it has now become an independent malware with its own exploit kit framework. …
Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
隨著金融科技的技術持續發展,金融產業使用了更多的資訊系統,便也代表著比起過去任何時候,潛藏了更多未知的資安威脅,而駭客入侵所造成的影響,往往也牽一髮而動全身,有著絕不可小覷的風險。
2021 年底一連串我國證券商與期貨商遭受駭客撞庫攻擊、導致下單系統異常的新聞,在當時引發了社會上一片軒然大波。奧義智慧研究團隊在參與事件調查 (Incident Response, IR) 時,成功挖掘出關於金融攻擊事件的更多內幕,本篇文章將帶您深入瀏覽與探討,來自中國國家級駭客的金融產業供應鏈攻擊手法剖析、惡意程式技術,與對應的緩解措施等。
事件緣起去年臺灣發生多起證券、期貨商遭到撞庫攻擊,甚至出現下單異常案件的情況,研判應為系統性問題而非單一個案,並且對於交易秩序的影響相當嚴重。該攻擊事件疑似為特定組織型駭客所發起,長期且有目的性的滲透行動,從攻擊手法中可以觀察到,駭客具有針對不同目標環境開發對應後門、躲避安全軟體偵測的能力,並十分擅長於企業內網攻擊,操作手法亦相當熟稔。
奧義智慧科技 (CyCraft) 於 2021 年 11 月底到 2022 年 2 月初,監控到一系列大範圍且專門針對臺灣金融單位軟體系統的供應鏈攻擊事件,遂而開始展開進一步詳細的調查。初步發現,攻擊者準確利用了我國金融單位常用的軟體系統之漏洞,第一波攻擊於 2021 年 11 月底出現受駭案例,第二波活動的高峰期則在 2022 年 2 月 10 …