Exposing Infection Techniques Across Supply Chains and Codebases

Credit to Author: Aliakbar Zahravi| Date: Thu, 05 Oct 2023 00:00:00 +0000

This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.

Read more

APT34 Deploys Phishing Attack With New Malware

Credit to Author: Mohamed Fahmy| Date: Fri, 29 Sep 2023 00:00:00 +0000

We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.

Read more

Examining the Activities of the Turla APT Group

Credit to Author: Srivathsa Sharma| Date: Fri, 22 Sep 2023 00:00:00 +0000

We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.

Read more

Attacks on 5G Infrastructure From Users’ Devices

Credit to Author: Salim S.I.| Date: Wed, 20 Sep 2023 00:00:00 +0000

Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case to deploy a denial-of-service (DoS) attack to private 5G networks.

Read more

TrickBot & Conti Sanctions: Implications for CISOs & Boardrooms

Credit to Author: Ed Cabrera| Date: Fri, 08 Sep 2023 00:00:00 +0000

Discover what the increased regulatory risk due to recent US and UK sanctions imposed on TrickBot and Conti cybercriminals mean for CISOs and board members.

Read more

Earth Estries Targets Government, Tech for Cyberespionage

Credit to Author: Ted Lee| Date: Wed, 30 Aug 2023 00:00:00 +0000

We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organizations in the technology sector.

Read more

TargetCompany Ransomware Abuses FUD Obfuscator Packers

Credit to Author: Don Ovid Ladores| Date: Mon, 07 Aug 2023 00:00:00 +0000

In this entry, we detail our analysis of how the TargetCompany ransomware abused an iteration of fully undetectable (FUD) obfuscator engine BatCloak to infect vulnerable systems.

Read more

Detecting BPFDoor Backdoor Variants Abusing BPF Filters

Credit to Author: Fernando Merces| Date: Thu, 13 Jul 2023 00:00:00 +0000

An analysis of advanced persistent threat (APT) group Red Menshen’s different variants of backdoor BPFDoor as it evolves since it was first documented in 2021.

Read more