Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Last week, my spam trap caught an e-mail with LNK attachment, which turned out to be quite interesting.
The e-mail message was the usual malspam fare trying to appear as a purchase order sent to the recipient…
…however, the attachment, named “Purchase%20Order%20PO007289.pdf.zip”, was somewhat more intriguing.…
Introduction
In this blog post, we will provide an update on our continued analysis and tracking of infrastructure associated with IcedID’s BackConnect (BC) protocol; a continuation of the analysis we shared in late-December 2022, which you can read here, in addition to our campaign metrics and infrastructure tracking blog posts.…
RedLine Stealer or RedLine is malware that can collect users’ confidential information and deliver other malicious programs. The availability and flexibility of the stealer cause financial loss, data leakage, targeting both enterprise and personal devices. Healthcare and manufacturing sectors suffer the most from these attacks.…
Threat Actors (TAs) frequently utilize multistage attacks to increase the likelihood of successfully delivering malicious payload by evading detection from antivirus products and creating a complex and intricate attack structure that poses challenges for analysis.
The TAs commonly employ LOLBin (Living Off the Land Binary) in the multistage attack.…
In recent years, the rise of Vishing, also known as Voice over IP Phishing, has become so popular that it has eroded trust in calls from unknown numbers.…
NetSupport RAT is being used by various threat actors. These are distributed through spam emails and phishing pages disguised as documents such as Invoices, shipment documents, and PO (purchase orders). Distribution via phishing pages has been covered on this Blog in the past. [1]
AhnLab Security Emergency response Center(ASEC) discovered NetSupport RAT being distributed via a spear phishing email that has recently been in circulation.…
We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails.
Threat actors continue to abuse and impersonate brands, posing as verified advertisers whose only purpose is to smuggle rogue ads via popular search engines.…
During the week of February 20, 2023, Sophos X-Ops MDR team received two separate requests for threat hunts related to unusual activity in two customers’ Microsoft 365 (formerly Office 365) environments. This prompted an investigation into sets of Microsoft Graph security events forwarded to Sophos XDR, to identify whether suspicious or malicious activity occurred.…
AhnLab Security Emergency response Center (ASEC) has confirmed instances where DNS TXT records were being utilized during the execution process of malware.
This is considered meaningful from various perspectives, including analysis and detection as this method has not been widely utilized as a means of executing malware.…
AhnLab Security Emergency response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 5th, 2023 (Monday) to June 11th, 2023 (Sunday).
For the main category, Infostealer ranked top with 44.6%, followed by downloader with 43.9%, backdoor with 9.5%, and ransomware with 2.0%.…
The ransomware known as “TargetCompany,” which first appeared in June 2021, gained significant attention due to its unique method of appending the name of the targeted company as a file extension to encrypted files. This ransomware variant was also observed appending a “.mallox”…
One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.…
On May 23, 2023, Barracuda announced that a zero-day vulnerability (CVE-2023-2868) in the Barracuda Email Security Gateway (ESG) had been exploited in-the-wild as early as October 2022 and that they engaged Mandiant to assist in the investigation. Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset of Barracuda ESG appliances to utilize as a vector for espionage, spanning a multitude of regions and sectors.…
Qakbot (aka Pinkslipbot, Qbot) has persisted as a banking trojan – then a potent malware/ransomware distribution network – for well over a decade, its origins going back as far as 2007. As a ransomware botnet, Qakbot is usually spread through email hijacking and social engineering, dropping malicious files that infect Windows hosts.…
In this blog we will deep dive into a malware campaign crafted specifically for the Israeli audience: Red Deer. We’ve been tracking the activity of the campaign for the past year and noticed minor shifts in the TTPs of the actor that will be explained in this blog.…
SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phishing techniques to obtain initial access, employing a combination of outdated Microsoft Office document vulnerabilities, novel evasion techniques, and highly potent backdoor malware.…
In this blogpost we examine the operation of AceCryptor, originally documented by Avast. This cryptor has been around since 2016 and because – throughout its existence – it has been used to pack tens of malware families, many technical parts of this malware have already been described.…
It is apparent from past evidence that threat actors (TAs) utilize social media platforms to demonstrate their technical expertise to attract potential allies or customers interested in acquiring or leasing malware families such as Stealers, Ransomware, RATs, and similar tools.…