The holiday season seems to be at an ebb for the Aviation Industry in Southeast Asia, as two low-cost carriers faced ransomware attacks this week.
Ransomware is a daunting threat …
Broadcom Software was able to link this activity to a group we track as Billbug due to the use in this campaign of tools previously attributed to this group. Billbug …
We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in …
In my latest analysis report, “Fake Hungarian Government Email Drops Warzone RAT”, I discussed a fake Hungarian government phishing email that drops the Warzone RAT. It does this using multiple …
This report provides defenders and security operations center teams with the technical details they need to know should they encounter the DeimosC2 C&C framework.
Introduction: With the rise in attention… Overview
Ordinarily, attackers install malware through various methods such as spear phishing emails with a malicious attachment, malvertising, vulnerabilities, and disguising the malware as normal software and uploading them to …
CVE-2021-44228 and CVE-2021-45105) to compromise the Apache Tomcat service on servers in order to install web shells. The attackers used Virtual Private Servers (VPS) hosted on Vultr and Telstra as …
We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.
Summary: QAKBOT’s …
a well-known technique that involves attackers placing a malicious DLL in a directory where a legitimate DLL is expected to be found. The attacker then runs the legitimate application themselves …
The Cybereason Global Security Operations Center (GSOC) Team issues Threat Analysis Reports to inform on impacting threats. The Threat Analysis Reports investigate these threats and provide practical recommendations for protecting …
Play is a new ransomware that takes a page out of Hive and Nokoyawa’s playbook. The many similarities among them indicate that Play, like Nokoyawa, is operated by the same …
Recent studies show that more than 85% of financial institutions in Central and Western Africa have repeatedly been victimized in multiple, damaging cyberattacks. In a quarter of these cases, intrusions …
Earlier this year, [redacted] encountered a relatively new ransomware threat actor that called themselves BianLian. We observed the actor deploying custom malware that was written in the Go programming language, …
The Cybereason Global Security Operations Center (GSOC) Team issues Cybereason Threat Analysis Reports to inform on impacting threats. The Threat Analysis Reports investigate these threats and provide practical recommendations for …
Over the last year Mandiant has been tracking UNC3890, a cluster of activity targeting Israeli shipping, government, energy and healthcare organizations via social engineering lures and a potential watering …
DLL (Dynamic-Link Library) sideloading is a technique used by Threat Actors to infect users using legitimate applications which load malicious DLL files that spoof legitimate ones. Recently published a blog …
Executive Summary: Unit 42 continuously hunts for new and unique malware samples that match known advanced persistent threat (APT) patterns and tactics. …
Executive Summary: HelloXD is a ransomware family performing double extortion attacks that surfaced in November 2021. During our research we observed multiple …
By: Jason Reaves and Joshua Platt
SocGholish AKA FAKEUPDATES was first reported in 2017. While the initial analysis and reporting did not gain much attention, over time the actor(s) behind …
Update May 11th: Following the publication of this blog post, a penetration testing company called “Code White” took responsibility for this dependency confusion attack
The JFrog Security research team constantly …
We analyze the Black Basta ransomware and examine the malicious actor’s familiar infection tactics.
Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks after it …
By James Haughom, Antonis Terefos, Jim Walter, Jeff Cavanaugh, Nick Fox, and Shai Tilias
Overview: In a recent IR engagement, our team happened upon a rather interesting packer (aka crypter …
Over the past year the TeamTNT threat actor …
The ASEC analysis team has recently discovered the distribution of Cobalt Strike targeting unsecured MS-SQL servers.
MS-SQL server is a typical database server of the Windows environment, and it has …
01/13/2022
Executive Summary: Recorded Future analysts continue to monitor the activities of the FIN7 group as they adapt and expand their cybercrime operations. Gemini has conducted a more in-depth investigation …
Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying the criminals $85,000 after negotiations. As …