Lucene search
K

26 matches found

Trellix
Trellix
added 2023/10/05 12:0 a.m.56 views

Storm-0324: An access for the RaaS Threat Actor (Sangria Tempest)

Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities By Gurumoorthi Ramanathan · October 5, 2023 Executive Summary: In early July 2023, the threat actor that Microsoft calls “Storm-0324” was observed sending a phishing message through Microsoft Teams. Storm-0324 is a financially motivat...

8.2AI score0.12107EPSS
Exploits0
Microsoft Secure
Microsoft Secure
added 2023/09/12 5:0 p.m.78 views

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...

4.1CVSS7.3AI score0.12107EPSS
Exploits0
Securelist
Securelist
added 2023/06/07 8:0 a.m.197 views

IT threat evolution in Q1 2023. Non-mobile statistics

IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...

9.3CVSS9.6AI score0.99999EPSS
Exploits456
hivepro
hivepro
added 2023/03/22 6:43 a.m.22 views

Gozi Malware Spreads through Fake Italian Revenue Agency Email Campaign

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A fake Italian Revenue Agency email campaign tricks victims into downloading a malicious attachment that installs Gozi, a binary that bypasses Italys geofencing and creates a loader process on the victim...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/11/16 5:32 p.m.19 views

Disneyland Malware Team: It’s a Puny World After All

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/20 8:39 a.m.22 views

New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft

The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable...

1.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/07/01 5:23 a.m.60 views

Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia

Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu aka "Virus", the individual in question, was detained at the El Dorado airport in...

1.6AI score
Exploits0
HackRead
HackRead
added 2021/06/30 9:9 p.m.27 views

Colombia arrests suspect wanted by US over Gozi virus

By Waqas The countries targeted by the Gozi virus included Finland, Germany, United States, and the United Kingdom with victims like NASA. This is a post from HackRead.com Read the original post: Colombia arrests suspect wanted by US over Gozi virus...

2.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/03 11:0 a.m.13 views

Threat Source newsletter for Sept. 3, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads including Gozi ISFB, ZLoade...

2.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/09/03 8:6 a.m.16 views

Salfram: Robbing the place without removing your name tag

By Holger Unterbrink and Edmund Brumaghin. Threat summary Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware.The campaigns distributed various malware payloads including Gozi ISFB, ZLoader...

1.5AI score
Exploits0
ThreatPost
ThreatPost
added 2020/04/17 2:33 p.m.78 views

Hackers Update Age-Old Excel 4.0 Macro Attack

Hackers have updated the age-old Excel malware attack technique with a new passwordless twist. Researchers have identified a new method that no longer requires victims to enter a password to open a danger document, more readily exposing them to potential malware infection. Researchers from securi...

7AI score
Exploits0References9
Krebs on Security
Krebs on Security
added 2019/05/16 10:5 p.m.68 views

Feds Target $100M ‘GozNym’ Cybercrime Network

Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the sam...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2019/05/16 12:23 p.m.72 views

'GozNym' Banking Malware Gang Dismantled by International Law Enforcement

In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime network behind GozNym banking malware. GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe,...

1.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/05/16 12:23 p.m.1 views

'GozNym' Banking Malware Gang Dismantled by International Law Enforcement

In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime network behind GozNym banking malware. GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe,...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2018/03/06 7:59 a.m.84 views

Gozi ISFB Remains Active in 2018, Leverages "Dark Cloud" Botnet For Distribution

This blog post was authored by Edmund Brumaghin and Holger Unterbrink, with contributions from Adam Weller. Executive Summary Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years. Banking trojans are a type of malware tha...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2016/05/03 1:25 a.m.21 views

Russian Hacker Who Stole From Banks Ordered to Pay $7 Million

A Russian man who spent about 3 years behind bars in the United States has been spared further prison time but ordered to pay $7 Million to cover damages he caused to banks using a vicious computer virus. Nikita Vladimirovich Kuzmin was arrested in 2010 and imprisoned in August 2011 for developin...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2016/04/25 2:35 p.m.21 views

GozNym Trojan Attackers Set Sights on Europe, Poland

The banking malware GozNym has legs; only a few weeks after the hybrid Trojan was discovered, it has reportedly spread into Europe and begun plaguing banking customers in Poland with redirection attacks. The malware has started targeting corporate, SMB, investment banking and consumer accounts at...

6.4AI score
Exploits0References3
ThreatPost
ThreatPost
added 2016/04/14 1:43 p.m.16 views

Bank Trojans Nymaim, Gozi Merge Create GozNym

Two powerful Trojans, Nymaim and Gozi ISFB, have been combined to create a “double-headed beast” called GozNym. The Trojan has managed to steal $4 million since it was first discovered just two weeks ago, according to IBM X-Force Research. It reports the hybrid Trojan is currently engaged in an...

0.7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2015/11/18 9:42 a.m.16 views

Attackers Embracing Steganography to Hide Communication

Encouraged by patterns carried out on a larger scale recently, researchers believe digital steganography has arrived as a legitimate method for attackers to use when it comes to obscuring communication between command and control servers. In a presentation last week at Black Hat Europe researcher...

0.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2015/09/08 3:1 p.m.10 views

Gozi Co-Author Pleads Guilty As Authors Behind Citadel, Dridex Arrested

The author behind one strain of banking malware, Gozi, has plead guilty and is awaiting sentencing while two other men, who allegedly had a hand in developing the banking malware Citadel and Dridex, were recently apprehended. Latvian Deniss Calovskis, 30, acknowledged in a federal court in New Yo...

0.7AI score
Exploits0References12
Rows per page
Query Builder