This blog post on TURLA was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on May 11, 2022.
Executive SummarySEKOIA.IO Threat & …
This blog post on TURLA was originally published as a FLINT report (SEKOIA.IO Flash Intelligence) sent to our clients on May 11, 2022.
Executive SummarySEKOIA.IO Threat & …
This post is also available in: 日本語 (Japanese)
Executive SummaryEmotet is one of the most prolific email-distributed malware families in our current threat landscape. Although a coordinated law enforcement …
This post is also available in: 日本語 (Japanese)
Executive SummaryThis blog describes an attack that Unit 42 observed utilizing malicious compiled HTML help files for the initial delivery. We …
Trend Micro’s Managed XDR team addressed a Kingminer botnet attack conducted through an SQL exploit. We discuss our findings and analysis in this report.
We observed malicious activities in a …
The Quantum Locker is a ransomware strain that was first discovered in July 2021. Since then, the ransomware was observed used in fast ransomware attacks, in some cases even Time-to-Ransom …
This post is also available in: 日本語 (Japanese)
Executive SummaryCobalt Strike is commercial threat emulation software that emulates a quiet, long-term embedded actor in a network. This actor, known …
This post is also available in: 日本語 (Japanese)
Executive SummaryRecently, we’ve identified a new version of SolarMarker, a malware family known for its infostealing and backdoor capabilities, mainly delivered …
Over the last several years, the Cybereason Nocturnus Team has been tracking different APT groups operating in the Middle East region, including two main sub-groups of the Hamas cyberwarfare division: …
Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to …
A Cobalt Strike Cybercrime Syndicate and the Ransomware Hackers’ Favorite Weapon
On March 9, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service issued an updated alert …
This post is also available in: 日本語 (Japanese)
Executive SummaryCobalt Strike is commercial threat emulation software that emulates a quiet, long-term embedded actor in a network. This actor, known …
In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in their …
In the past few months, a new wave of cyberattacks has been flooding Iran. These attacks are far from minor website defacements – the recent wave is hitting national infrastructure …
This post is also available in: 日本語 (Japanese)
Executive SummaryAs early as Dec. 21, 2021, Unit 42 observed a new infection method for the highly prevalent malware family Emotet. …
Lorenz is a ransomware strain observed first in February of 2021, and is believed to be a rebranding of the “.sZ40” ransomware that was discovered in October 2020. Lorenz targets …
Over the past months, the Cybereason Nocturnus Team has been tracking the Iranian hacker group known as Moses Staff. The group was first spotted in October 2021 and claims their …
Over the past months, the Cybereason Nocturnus Team observed an uptick in the activity of the Iranian attributed group dubbed Phosphorus (AKA Charming Kitten, APT35), known for previously attacking medical …