Credit to Author: Ian Kenefick| Date: Tue, 27 Feb 2024 00:00:00 +0000
This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry.
Read moreCredit to Author: Cedric Pernet| Date: Mon, 26 Feb 2024 00:00:00 +0000
During our monitoring of Earth Lusca, we noticed a new campaign that used Chinese-Taiwanese relations as a social engineering lure to infect selected targets.
Read moreCredit to Author: Sunny Lu| Date: Tue, 20 Feb 2024 00:00:00 +0000
In this blog entry, we focus on Earth Preta’s campaign that employed a variant of the DOPLUGS malware to target Asian countries.
Read moreCredit to Author: Feike Hacquebord| Date: Wed, 31 Jan 2024 00:00:00 +0000
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.
Read moreCredit to Author: Feike Hacquebord| Date: Fri, 13 Oct 2023 00:00:00 +0000
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
Read moreCredit to Author: Trent Bessell| Date: Thu, 12 Oct 2023 00:00:00 +0000
We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment.
Read moreCredit to Author: Mohamed Fahmy| Date: Fri, 29 Sep 2023 00:00:00 +0000
We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.
Read moreCredit to Author: Srivathsa Sharma| Date: Fri, 22 Sep 2023 00:00:00 +0000
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
Read more