64 matches found
Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks
The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to...
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics
Chinese-speaking users are the target of an ongoing campaign that distributes a malware known as ValleyRAT. "ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage," Fortinet FortiGuard Labs...
New ValleyRAT Malware Targets Chinese Windows Users in Multi-Stage Attack
A sophisticated ValleyRAT campaign is targeting Chinese Windows users. Learn about the malwares multi-stage attack, its ability to…...
The Evolution of DEEP#GOSU Attack Campaign by Kimsuky Group
Summary: A sophisticated multi-stage attack campaign linked to the North Korean Kimsuky group, dubbed DEEPGOSU. Using PowerShell and VBScript, the attackers leverage remote access trojan RAT software for full control over infected hosts, while employing legitimate services like Dropbox for comman...
Adversaries Leverage Social Media to Disseminate New Python-Based Stealer
Summary: A recently identified malicious campaign involves the use of WinRAR archive files with minimal detection to execute a multi-stage attack. The payload, known as Editbot, is a newly discovered Python-based stealer. Editbot is specifically designed to extract process information and data...
Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack
By Waqas FortiGuard Labs Reveals Insights into Recent Surge of Cyberattacks Utilizing Rust Programming Language. This is a post from HackRead.com Read the original post: Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack...
Detecting and mitigating a multi-stage AiTM phishing and BEC campaign
Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle AiTM phishing and business email compromise BEC attack against banking and financial services organizations. The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and...
New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East
An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020. Fortinet Fortiguard Labs, which dubbed the artifact WINTAPIX WinTapix.sys, attributed the malware with low confidence to an Iranian threat...
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered
The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social...
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered
The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social...
Actors, Threats and Vulnerabilities 27 March to 2 April 2023
For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, they identified a total of Nine attacks that were executed...
Financially Motivated Threat Actor Strikes with New Ransomware and Clipper Malware
A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas. Cisco Talos said it "observed the actor scanning the internet for victim machines wi...
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims. Talos observed the actor scanning the internet for...
ZuoRAT Can Take Over Widely Used SOHO Routers
A novel multistage remote access trojan RAT that’s been active since April 2020 is exploiting known vulnerabilities to target popular SOHO routers from Cisco Systems, Netgear, Asus and others. The malware, dubbed ZuoRAT, can access the local LAN, capture packets being transmitted on the device an...
Wormable DarkRadiation Ransomware Targets Linux and Docker Instances
Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control C2 communications. "The ransomware is...
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
This blog post was authored by Hossein Jazi and Jérôme Segura On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated to an APT attack. In the last stage,...
New LNK attack tied to Higaisa APT discovered
This post was authored by Hossein Jazi and Jérôme Segura On May 29th, we identified an attack that we believe is part of a new campaign from an Advanced Persistent Threat actor known as Higaisa. The Higaisa APT is believed to be tied to the Korean peninsula, and was first disclosed by Tencent...
Innovative PureLocker Ransomware Emerges in Targeted Attacks
The PureLocker ransomware – so-called because it’s written in the PureBasic programming language – has been spotted being used in targeted attacks against both Windows and Linux-based production servers at enterprises. Researchers said it shows unusual characteristics that underscore the innovati...
Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks
Security researchers at Microsoft have released details of a new widespread campaign distributing an infamous piece of fileless malware that was primarily being found targeting European and Brazilian users earlier this year. Dubbed Astaroth, the malware trojan has been making the rounds since at...
Decoy Microsoft Word document delivers malware through a RAT
In this post, we take a look at a Microsoft Word document which itself is somewhat clean, but is used to launch a multi-stage attack that relies on the hyperlink feature in the OpenXML format. This then loads another document that contains an exploit. Most malicious Microsoft Office documents...