1663 matches found
LimeRAT Malware Analysis: Extracting the Config
Remote Access Trojans RATs have taken the third leading position in ANY. RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it...
Charming Kitten Hackers Utilize New Tactics with BellaCiao Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Iranian APT group, Charming Kitten, is using a new, sophisticated malware called BellaCiao to target specific victims in multiple regions, employing unique communication tactics with its...
APT trends report Q1 2023
For more than five years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have publishe...
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated...
Automating Qakbot Detection at Scale With Velociraptor
In this blog, you will learn a practical methodology to extract configuration data from recent Qakbot samples. I will provide some background on Qakbot, then walk through decode themes in an easy to visualize manner. Additionally, I'll share a Velociraptor artifact to detect and automate the deco...
Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites
A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control GC2 amid broader abuse of Google's infrastructure for malicious ends. The tech giant's Threat Analysis Group TAG attributed the campaign to ...
New Zaraza Bot Credential-Stealer Sold on Telegram Targeting 38 Web Browsers
A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control C2. "Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular...
Automating Qakbot decode at scale
This is a technical post covering practical methodology to extract configuration data from recent Qakbot samples. In this blog, I will provide some background on Qakbot, then walk through decode themes in an easy to visualize manner. I will then share a Velociraptor artifact to detect and automat...
Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies
A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions. The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte,...
Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen
A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. The activity, which commenced in August 2022, is currently ongoing, the Ocelot Team...
New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service DDoS attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime...
Emotet adopts Microsoft OneNote attachments
Last week, Emotet returned after a three month absence when the botnet Epoch 4 started sending out malicious emails with malicious Office macros. While the extracted attachments were inflated to several hundred megabytes, it was surprising to see that Emotet persisted in using the same attack...
Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration
The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aime...
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide
An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...
Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments
High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the...
Deceptive Discord Campaign Targets Government Entities with PureCrypter Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Government entities in the Asia-Pacific and North American regions have been targeted by a threat actor using the PureCrypter malware downloader. This particular malware has been used to distribute vario...
PureCrypter Malware Targets Government Entities in Asia-Pacific and North America
Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit...
PureCrypter Malware Targets Government Entities in Asia-Pacific and North America
Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit...
Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks
An open source command-and-control C2 framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023...
Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks
An open source command-and-control C2 framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023...