SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phishing techniques to obtain initial access, employing a combination of outdated Microsoft Office document vulnerabilities, novel evasion techniques, and highly potent backdoor malware.…
It is apparent from past evidence that threat actors (TAs) utilize social media platforms to demonstrate their technical expertise to attract potential allies or customers interested in acquiring or leasing malware families such as Stealers, Ransomware, RATs, and similar tools.…
DUCKTAIL, a financially motivated malware variant, specifically aims at individuals and businesses utilizing a Social Media Business/Ads platform. The malware is created by Threat Actors (TAs) originating from Vietnam. Since the second half of 2021, TAs have been actively involved in developing and distributing malware associated with the DUCKTAIL operation.…
Cyble Research and Intelligence Labs (CRIL) recently uncovered a new strain of malware named “MDBotnet” on a cybercrime forum. Our analysis indicates that the origins of this malware can be attributed to a Threat Actor (associated with Russia. This MDBotnet malware has been specifically designed for carrying out distributed denial-of-service (DDoS) attacks on targeted victims by employing an HTTP/SYN flood attack technique.…
In the ever-evolving landscape of cyber threats, the number of ransomware groups adopting double extortion is a concerning trend. This rising wave of ransomware attacks has taken the form of not only locking away valuable corporate data but also threatening to expose it to the world unless their demands are met.…
Threat actors have moved to other means of initial access, such as ISO files combined with LNKs or OneNote payloads, but some appearances of VBA macros in Office documents can still be seen in use.
In this case we document an incident taking place during Q4 of 2022 consisting of threat actors targeting Italian organizations with Excel maldocs that deploy IcedID.…
I recently came across an interesting campaign that is using fake websites to distribute malware. Although this TTP is not new, it seems to be on the rise. Anecdotally, I’ve seen it in multiple cases in 2023 more so than before. It’s difficult to quantify without doing extensive research, it is something for other analysts to be aware of more at least. …
Cyble Research and Intelligence Labs (CRIL) recently discovered a series of phishing websites posing as video editing software. These fraudulent sites lure users into downloading and executing various types of malware families such as stealers, RAT, etc.…
Cyble Research and Intelligence Labs (CRIL) observed an increase in the number of ransomware groups launching Linux variants, such as Cylance and Royal ransomware. This can be attributed to the fact that Linux is extensively utilized as an operating system across various sectors, including enterprise environments and cloud computing platforms.…
Custom-branded ransomware has recently seen a surge in development. We have observed Threat Actors (TAs) utilizing leaked source codes of a particular ransomware family to create new variants by modifying the existing code. This approach allows for the creation of ransomware that can be tailored to target specific industries, organizations, or geographic regions, increasing the effectiveness of ransomware variants when it comes to evading detection and successfully infecting victims.…
Ransomware is a grave cybersecurity threat and is currently one of the most effective cybercrimes causing organizational problems. It has proven to be highly profitable for cybercriminals, resulting in severe consequences such as financial loss, data loss, and damage to the reputation of the targeted entities.…
By Securonix Threat Labs, Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov
TL;DRAn unusual attack/phishing campaign delivering malware while using meme-filled code and complex obfuscation methods continues dropping Xworm payloads for the last few months and is still ongoing today.
IntroFor the last few months, an interesting and ongoing attack campaign was identified and tracked by the Securonix Threat Research team.…
In the world of cybercrime, the tactics used by threat actors are constantly evolving, but upon close analysis of multiple instances, the modus operandi remains the same – i.e. exploitation of current events, trending news, government websites, and even legitimate applications of trusted organizations to dupe unsuspecting users.…
Phishing attacks pose an ongoing and widespread danger to both individuals and organizations. To trick users into divulging sensitive information like passwords and credit card details, Threat Actors (TAs) employ various tactics, including phishing websites. Attackers often use these fraudulent websites to distribute their malicious software, taking advantage of users’ trust in legitimate-looking sites.…
PyPI (Python Package Index) is a widely used repository for software packages for the Python programming language, utilized by developers worldwide for sharing and downloading Python code. Due to the widespread usage of PyPI, it has become a desirable target for Threat Actors (TAs) who aim to attack developers or their projects.…
Researchers at Lookout have discovered a new Android surveillance tool which we attribute with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Named BouldSpy for the “BoulderApplication” class which configures the tool’s command and control (C2), we have been tracking the spyware since March 2020.…
Authored by Dexter Shin
Minecraft is a popular video game that can be played on a desktop or mobile. This is a sandbox game developed by Mojang Studios. Players create and break apart various kinds of blocks in 3-dimensional worlds and they can select to enjoy Survivor Mode to survive in the wild or Creative Mode to focus on being creative. …
In recent years, ransomware operations have emerged as highly profitable cybercrime schemes. Numerous companies have suffered immense financial, data, and reputation losses due to such attacks. Typically, cybersecurity researchers tend to concentrate on prominent ransomware groups that run extensive Ransomware-as-a-Service (RaaS) operations.…
Malware loaders are programs or scripts that have been created to install and run different types of malware on a victim’s computer system. The main objective of a malware loader is to avoid detection and continue operating on the victim’s computer by downloading and executing additional malicious software.…