13 matches found
Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia
A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia. Security researchers at Kaspersky, who presented their findings at the...
Lyceum group reborn
This year, we had the honor to be selected for the thirty-first edition of the Virus Bulletin conference. During the live program, we presented our research into the Lyceum group also known as Hexane, which was first exposed by Secureworks in 2019. In 2021, we have been able to identify a new...
Threat Source newsletter (Aug. 22)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. What’s old is new again. Our research this week centers around a series of long-lasting threat actors and malware that have been given n...
Threat Source newsletter (May 23)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Election security is a touchy — and oftentimes depressing — topic of conversation. So why not let Beer with Talos bring some levity...
Threat Source newsletter (May 16)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We were packed with vulnerabilities this week. For starters, there’s Microsoft Patch Tuesday, which we’ll cover farther down. We al...
Threat Source newsletter (May 9)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...
DNSpionage group’s Karkoff malware selectively pick victims
By Ryan De Souza Karkoff creates a timeline of the command execution which can be "extremely" useful when responding to this type of threat. The IT security researchers at Cisco's Talos threat research team have discovered a new malware that has been developed by the threat actors behind the...
Threat Source (April 25)
Newsletter compiled by Jonathan Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. If you haven’t yet, there’s still time to register for this year’s Talos Threat Research Summit — our second annual conference by...
DNSpionage brings out the Karkoff
Warren Mercer and Paul Rascagneres authored this post. Update 4/24: The C2 section below now includes details around the XOR element of the C2 communication system. Executive summary In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a n...
'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy
The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted...
'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy
The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware. First uncovered in November last year, the DNSpionage attacks used compromised sites and crafted...
Beers with Talos EP 43: Espionage, Encryption, and CISO Square One
Beers with Talos BWT Podcast Ep. 43 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 43 show notes: Recorded Dec. 7, 2018. Several of us are under the weather, but the show must go on. We did our best, as alway...
DNSpionage Campaign Targets Middle East
This blog post was authored by Warren Mercer and Paul Rascagneres. Update 2018-11-27 15:30:00 EDT: A Russian-language document has been removed. Subsequent analysis leads us to believe it is unrelated to this investigation. Executive Summary Cisco Talos recently discovered a new campaign targetin...