We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails.
Threat actors continue to abuse and impersonate brands, posing as verified advertisers whose only purpose is to smuggle rogue ads via popular search engines.…
ARCrypter ransomware, also known as ChileLocker, emerged in August 2022 and gained attention following an attack on an entity located in Chile. Subsequently, researchers revealed that this ransomware started targeting organizations worldwide. The Threat Actors (TA)s responsible for this group do not maintain a leak site for extorting their victims.…
The rapid proliferation of new ransomware strains and the establishment of fresh ransomware groups underscore the ease with which cybercriminals can extort money from their victims. While new ransomware variants continue to emerge, the alarming trend of encrypting files and leaking data remains a persistent practice among these cybercriminals.…
ReversingLabs researchers recently discovered more than a dozen malicious packages published to the npm open source repository that appear to target application end users while also supporting email phishing campaigns targeting Microsoft 365 users. Some key takeaways from our report:
…
In partnership with vx-underground, SentinelOne recently ran its first Malware Research Challenge, in which we asked researchers across the cybersecurity community to submit previously unpublished work to showcase their talents and bring their insights to a wider audience.
Today’s post marks the start of a series highlighting the best entries, beginning with the winner from Pol Thill, Cyber Threat Intelligence Analyst at QuoIntelligence.…
In the realm of cybersecurity, malicious programs continuously evolve to exploit the vulnerabilities of unsuspecting victims. One particularly notorious threat that has gained popularity is the Clipper malware. This Clipper malware specifically targets cryptocurrency users, aiming to deceive and defraud them of their valuable digital assets.…
QR Code usage has skyrocketed in recent years. In fact, 97% of consumers had no idea what a QR Code was in 2012. But by 1Q22, Americas led the world in QR code usage with 2,880,960 scans, making these quirky codes an appealing path for new and sophisticated phishing campaigns.1,2
…
Ransomware poses a significant risk to cybersecurity and remains a highly successful form of cybercrime that presents serious challenges for organizations. It has emerged as a lucrative enterprise for cybercriminals, leading to profound implications, including financial and data losses, as well as detrimental effects on the reputation of the organizations targeted.…
The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.…
The ransomware known as “TargetCompany,” which first appeared in June 2021, gained significant attention due to its unique method of appending the name of the targeted company as a file extension to encrypted files. This ransomware variant was also observed appending a “.mallox”…
On May 23, 2023, Barracuda announced that a zero-day vulnerability (CVE-2023-2868) in the Barracuda Email Security Gateway (ESG) had been exploited in-the-wild as early as October 2022 and that they engaged Mandiant to assist in the investigation. Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset of Barracuda ESG appliances to utilize as a vector for espionage, spanning a multitude of regions and sectors.…
Threat Actors (TAs) commonly employ fake phishing websites as their preferred method for distributing malware. This is due to the ease of luring victims into clicking on links contained in phishing emails or sms. TAs often use brand impersonation in their phishing campaigns to deceive users effectively, creating an illusion of trustworthiness and legitimacy to trick unsuspecting individuals.…
Progress Software disclosed one more critical vulnerability CVE-2023-35708 with CVSS Base Score 9.8 in its MOVEit Transfer application on 15th June 2023. An unauthenticated remote attacker could exploit the vulnerable version of MOVEit Transfer that could lead to escalated privileges and potential unauthorized access in the environment.…
Gaming has gained immense popularity, attracting millions of players globally, primarily due to the wide range of game options available, strong community engagement, and its entertainment value. Unfortunately, this widespread appeal has also attracted the attention of Threat Actors (TAs), who seek to exploit gamers by targeting games with large user bases to maximize their potential victims.…
Ransomware continues to pose the most critical cybersecurity threat to organizations’ infrastructure. This malicious software encrypts victims’ files and extorts payment in return for the decryption key. The consequences of ransomware attacks can be severe, including financial losses, data compromise, and reputational damage.…
On May 20th, an incident report was released by PyPI administrators that announced the temporary suspension of new user and project name registrations. The reason behind this action is the overwhelming surge in malicious users and projects being created on the PyPI index in the past week.…
Asylum Ambuscade is a cybercrime group that has been performing cyberespionage operations on the side. They were first publicly outed in March 2022 by Proofpoint researchers after the group targeted European government staff involved in helping Ukrainian refugees, just a few weeks after the start of the Russia-Ukraine war.…
Disclaimer: Menlo Labs has informed the appropriate law enforcement agencies on the intelligence presented in this report.
Executive SummaryXeGroup is a hacking group that has been active since at least 2013. The group is believed to have been involved in various cybercriminal activities. This threat actor uses many different attack techniques including:
Supply chain attacks similar to Magecart, that inject credit card skimmers into web pages.…Since early January 2023, there has been a notable surge in activity targeting European foreign affairs entities linked to Southeast and East Asia. The threat actors responsible are tracked by Check Point Research as Camaro Dragon and are associated with a broad network of espionage operations aligned with Chinese interests.…