BazarCall Call Back Phishing Attacks Constantly Evolving Its Social Engineering Tactics
The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or facilitate the delivery of next-stage payloads such as...
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to...
New Threat Actor Exotic Lily acting as Initial Access Broker for Conti and Diavol ransomware group
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Exotic Lily was first discovered exploiting a zero-day vulnerability in Microsoft MSHTML CVE-2021-40444, which piqued the curiosity of researchers as a potentially sophisticated threat actor. Following additional analysis, it...
BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors
We observed BazarLoader adding two new arrival mechanisms to their current roster of malware delivery techniques...
BazarLoader Malware Abuses Slack, BaseCamp Clouds
The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said. And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain. Join experts fr...
VideoBytes: Ryuk Ransomware Targeting US Hospitals
Hello Folks! In this Videobyte, we’re talking about why hospitals are being targeted by the Ryuk ransomware, what tricks they are using to pull this off and what their motivations might be. Ryuk ransomware is being spread to hospitals using targeted phishing emails that infect systems with the...
Ransomware Activity Targeting the Healthcare and Public Health Sector
Summary: This advisory was updated to include information on Conti, TrickBot, and BazarLoader, including new IOCs and Yara Rules for detection. This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 f...
TAU Threat Advisory: Imminent Ransomware threat to U.S. Healthcare and Public Health Sector
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert this week with regards to an imminent cybercrime threat to US hospitals and healthcare providers. The alert was coauthored by CISA, the Federal Bureau of Investigation (FBI), and the...