The Sophos MDR Threat Intelligence team previously published the blog Akira Ransomware is “bringin’ 1988 back” in May 2023, roughly two months after the group is reported to have begun operations. Since the ransomware group’s initial attacks in March, Akira has emerged as a formidable ransomware threat in the cybersecurity landscape for small to medium-sized businesses, posting hundreds of alleged victims on its data leak site.…

Read More
Introduction

First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign where threat actors leverage CVE-2017-11882 XLAM to spread Agent Tesla to users on vulnerable versions of Microsoft Office.…

Read More

This post is also available in: 日本語 (Japanese)

Executive Summary

Unit 42 researchers have observed threat actors using malicious JavaScript samples to steal sensitive information by abusing popular survey sites, low-quality hosting and web chat APIs. In some campaigns, attackers created chatbots that they registered to someone noteworthy such as an Australian footballer.…

Read More
Recent posts HomeCybersecurity Lifehacks Keep Tabs on Emerging Threats in ANY.RUN Malware Trends Tracker

Editor’s note: The current article was originally published on December 16, 2021, and updated on December 19, 2023.

Every day researchers upload about 8,000 submissions to ANY.RUN sandbox, many of them with malicious verdicts.…

Read More
Executive Summary Overlaps in targeting, malware characteristics, and long-term malware evolutions post 2018 suggest that the Gaza Cybergang sub-groups have likely been consolidating, possibly involving the establishment of internal and/or external malware supply lines. Gaza Cybergang has upgraded its malware arsenal with a backdoor that we track as Pierogi++, first used in 2022 and seen throughout 2023.…
Read More

Estimated reading time: 6 minutes

Cerber is a strain of ransomware that was first identified in early 2016. It is a type of malware that encrypts a victim’s files and demands a ransom for the decryption key needed to unlock the files. Cerber, like many other ransomware variants, typically targets individuals and organizations by encrypting their files and demanding a ransom payment (usually in cryptocurrencies like Bitcoin) for the decryption key.…

Read More

 

 

 

Headlace backdoor capable of facilitating multiple malicious actions on objectives.

It is unclear precisely how many entities were impacted by the campaign, but our analysis indicates that organizations in the following countries were targeted: Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia and Romania.…

Read More
Overview

Elastic Security Labs continues to monitor active threats such as GULOADER, also known as CloudEyE – an evasive shellcode downloader that has been highly active for years while under constant development. One of these recent changes is the addition of exceptions to its Vectored Exception Handler (VEH) in a fresh campaign, adding more complexity to its already long list of anti-analysis tricks.…

Read More
THE THREAT

eSentire has observed multiple instances of threat actors exploiting vulnerabilities in Qlik Sense to gain initial access into victim organizations. Qlik Sense is a popular data analytics platform; there is a high probability that Qlik Sense servers, that are unpatched and internet-facing, will be targeted in an ongoing campaign.…

Read More

For the past couple of days, the Patchstack team has been monitoring a mass-scale phishing campaign with multiple variants of phishing emails going around that are notifying users about a supposed security vulnerability in their WordPress website.

They claim it’s a “Remote Code Execution (RCE)” vulnerability and you are asked to immediately use a “Patch created by the WordPress Team” to patch the vulnerability with the identifier “CVE-2023-45124”.…

Read More

In the ever-evolving landscape of cybersecurity threats, one name that consistently surfaces as a force to be reckoned with is “PlugX.” This covert and insidious malware has left a trail of digital intrigue, combining advanced features with a knack for eluding detection. Its history is interwoven with cyber espionage, targeted attacks, and a continuous cat-and-mouse game with security experts (1)(2).…

Read More