26 matches found
Storm-0324: An access for the RaaS Threat Actor (Sangria Tempest)
Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities By Gurumoorthi Ramanathan · October 5, 2023 Executive Summary: In early July 2023, the threat actor that Microsoft calls “Storm-0324” was observed sending a phishing message through Microsoft Teams. Storm-0324 is a financially motivat...
Malware distributor Storm-0324 facilitates ransomware access
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...
IT threat evolution in Q1 2023. Non-mobile statistics
IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...
Gozi Malware Spreads through Fake Italian Revenue Agency Email Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A fake Italian Revenue Agency email campaign tricks victims into downloading a malicious attachment that installs Gozi, a binary that bypasses Italys geofencing and creates a loader process on the victim...
Disneyland Malware Team: It’s a Puny World After All
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The...
New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft
The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable...
Hacker Wanted in the U.S. for Spreading Gozi Virus Arrested in Colombia
Colombian authorities on Wednesday said they have arrested a Romanian hacker who is wanted in the U.S. for distributing a virus that infected more than a million computers from 2007 to 2012. Mihai Ionut Paunescu aka "Virus", the individual in question, was detained at the El Dorado airport in...
Colombia arrests suspect wanted by US over Gozi virus
By Waqas The countries targeted by the Gozi virus included Finland, Germany, United States, and the United Kingdom with victims like NASA. This is a post from HackRead.com Read the original post: Colombia arrests suspect wanted by US over Gozi virus...
Threat Source newsletter for Sept. 3, 2020
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware. The campaigns distributed various malware payloads including Gozi ISFB, ZLoade...
Salfram: Robbing the place without removing your name tag
By Holger Unterbrink and Edmund Brumaghin. Threat summary Cisco Talos recently uncovered a series of email campaigns utilizing links to malicious documents hosted on legitimate file-sharing platforms to spread malware.The campaigns distributed various malware payloads including Gozi ISFB, ZLoader...
Hackers Update Age-Old Excel 4.0 Macro Attack
Hackers have updated the age-old Excel malware attack technique with a new passwordless twist. Researchers have identified a new method that no longer requires victims to enter a password to open a danger document, more readily exposing them to potential malware infection. Researchers from securi...
Feds Target $100M ‘GozNym’ Cybercrime Network
Law enforcement agencies in the United States and Europe today unsealed charges against 11 alleged members of the GozNym malware network, an international cybercriminal syndicate suspected of stealing $100 million from more than 41,000 victims with the help of a stealthy banking trojan by the sam...
'GozNym' Banking Malware Gang Dismantled by International Law Enforcement
In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime network behind GozNym banking malware. GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe,...
'GozNym' Banking Malware Gang Dismantled by International Law Enforcement
In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime network behind GozNym banking malware. GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe,...
Gozi ISFB Remains Active in 2018, Leverages "Dark Cloud" Botnet For Distribution
This blog post was authored by Edmund Brumaghin and Holger Unterbrink, with contributions from Adam Weller. Executive Summary Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years. Banking trojans are a type of malware tha...
Russian Hacker Who Stole From Banks Ordered to Pay $7 Million
A Russian man who spent about 3 years behind bars in the United States has been spared further prison time but ordered to pay $7 Million to cover damages he caused to banks using a vicious computer virus. Nikita Vladimirovich Kuzmin was arrested in 2010 and imprisoned in August 2011 for developin...
GozNym Trojan Attackers Set Sights on Europe, Poland
The banking malware GozNym has legs; only a few weeks after the hybrid Trojan was discovered, it has reportedly spread into Europe and begun plaguing banking customers in Poland with redirection attacks. The malware has started targeting corporate, SMB, investment banking and consumer accounts at...
Bank Trojans Nymaim, Gozi Merge Create GozNym
Two powerful Trojans, Nymaim and Gozi ISFB, have been combined to create a “double-headed beast” called GozNym. The Trojan has managed to steal $4 million since it was first discovered just two weeks ago, according to IBM X-Force Research. It reports the hybrid Trojan is currently engaged in an...
Attackers Embracing Steganography to Hide Communication
Encouraged by patterns carried out on a larger scale recently, researchers believe digital steganography has arrived as a legitimate method for attackers to use when it comes to obscuring communication between command and control servers. In a presentation last week at Black Hat Europe researcher...
Gozi Co-Author Pleads Guilty As Authors Behind Citadel, Dridex Arrested
The author behind one strain of banking malware, Gozi, has plead guilty and is awaiting sentencing while two other men, who allegedly had a hand in developing the banking malware Citadel and Dridex, were recently apprehended. Latvian Deniss Calovskis, 30, acknowledged in a federal court in New Yo...