17 matches found
Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities
This blog discusses the steganography, cloud abuse, and email-based backdoors used against the Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and analyzed...
Malicious code in down-lo-ad-now-zip-mp3-52887-pawn-hearts-4duor-thjpkj (npm)
The package down-lo-ad-now-zip-mp3-52887-pawn-hearts-4duor-thjpkj was found to contain malicious code...
MAL-2025-18699 Malicious code in down-lo-ad-now-zip-mp3-52887-pawn-hearts-4duor-thjpkj (npm)
The package down-lo-ad-now-zip-mp3-52887-pawn-hearts-4duor-thjpkj was found to contain malicious code...
Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking
Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate...
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted...
Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)
Shellcode Title: Linux/x64 - memfd_create ELF loader 170 bytes Shellcode Author: Ivan Nikolsky (enty8080) & Tomas Globis (tomasglgg) Tested on: Linux x86_64 Shellcode Description: This shellcode attempts to establish a reverse TCP connection, reads the ELF length, reads the ELF and maps it into memory, creat...
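The loading technique the listing above describes (an anonymous file from memfd_create, the ELF written into it, then executed with fexecve so the payload never touches disk), as an added C example that is not the listed shellcode or its authors' code. It assumes a Linux host with /proc and a sleep binary at /bin/sleep or /usr/bin/sleep, reads the ELF from that local file instead of a reverse-TCP socket, and adds two things a defender wants: a close-on-exec pipe that tells the parent the moment the exec has happened, and a check of /proc/<pid>/exe, which resolves to "/memfd:..." for any process started this way.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy an ELF image that is already in memory into an anonymous memfd.
 * Returns the fd or -1. MFD_CLOEXEC is fine for ELF binaries: fexecve only
 * needs the fd to survive the exec when the target is a #! script. */
int elf_to_memfd(const unsigned char *image, size_t len) {
    int fd = memfd_create("loader", MFD_CLOEXEC);
    if (fd < 0) return -1;
    for (size_t off = 0; off < len;) {
        ssize_t n = write(fd, image + off, len - off);
        if (n < 0) { if (errno == EINTR) continue; close(fd); return -1; }
        off += (size_t)n;
    }
    return fd;
}

/* Slurp a file into a malloc'd buffer. This stands in for the "read length,
 * then read ELF bytes" step the shellcode performs over its TCP socket. */
unsigned char *read_file(const char *path, size_t *len) {
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    struct stat st;
    if (fstat(fileno(f), &st) < 0 || st.st_size <= 0) { fclose(f); return NULL; }
    unsigned char *buf = malloc((size_t)st.st_size);
    if (buf && fread(buf, 1, (size_t)st.st_size, f) != (size_t)st.st_size) { free(buf); buf = NULL; }
    fclose(f);
    if (buf) *len = (size_t)st.st_size;
    return buf;
}

/* Defender's check: /proc/<pid>/exe of a process started from an anonymous
 * file reads "/memfd:<name> (deleted)". Returns 1 if so, 0 otherwise
 * (including when /proc is unavailable). */
int exe_is_memfd(pid_t pid) {
    char path[64], target[PATH_MAX];
    snprintf(path, sizeof path, "/proc/%d/exe", (int)pid);
    ssize_t n = readlink(path, target, sizeof target - 1);
    if (n < 0) return 0;
    target[n] = '\0';
    return strncmp(target, "/memfd:", 7) == 0;
}

/* Fork, fexecve the memfd in the child, and report via *detected whether the
 * running child is visibly memfd-backed. A close-on-exec pipe tells the parent
 * exactly when the exec succeeded: its write end closes and read() returns 0.
 * Returns the child's exit status, or -1 on error. */
int run_memfd(int fd, char *const argv[], int *detected) {
    int p[2];
    if (pipe2(p, O_CLOEXEC) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(p[0]);
        char *const envp[] = { NULL };
        fexecve(fd, argv, envp);
        ssize_t w = write(p[1], "x", 1);   /* only reached if exec failed */
        (void)w;
        _exit(127);
    }
    close(p[1]);
    char c;
    int exec_ok = read(p[0], &c, 1) == 0;  /* EOF => child has exec'd */
    close(p[0]);
    if (detected) *detected = exec_ok ? exe_is_memfd(pid) : 0;
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Demo: read the system's sleep binary into memory and run "sleep 1" from a
 * memfd. The executable we run is never written to a regular file by us. */
int demo_run_sleep(int *detected) {
    const char *cands[] = { "/bin/sleep", "/usr/bin/sleep", NULL };
    size_t len = 0;
    unsigned char *img = NULL;
    for (int i = 0; cands[i] && !img; i++) img = read_file(cands[i], &len);
    if (!img) return -1;
    int fd = elf_to_memfd(img, len);
    free(img);
    if (fd < 0) return -1;
    char *const argv[] = { "sleep", "1", NULL };
    int rc = run_memfd(fd, argv, detected);
    close(fd);
    return rc;
}

int main(void) {
    int detected = 0;
    int rc = demo_run_sleep(&detected);
    printf("child exit status %d, exe_is_memfd=%d\n", rc, detected);
    return rc == 0 ? 0 : 1;
}
```

The same /proc/<pid>/exe test works from outside the process (auditd, osquery or a loop over /proc), which is why fileless loaders of this kind are usually hunted by looking for "memfd:" in exe links and in the maps of long-running processes rather than by scanning the filesystem.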
FBI seizes control of a massive botnet that infected over 500,000 routers
Shortly after Cisco released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack. Yesterday we reported about a piece ...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 24, 2017
There was a time when a person’s motivation to hack something was for financial reasons or for street cred. But now we’re seeing organizations that have other motivations. Pawn Storm is a cyber-espionage organization whose motives include foreign and domestic espionage, and influence on...
A Storm’s a Coming: How businesses can defend against threat actor groups like Pawn Storm
Pawn Storm, aka Sednit, Fancy Bear, APT28, Sofacy and STRONTIUM, might sound like Instagram accounts, top-secret spy programs or recently passed legislation, but in reality they are all different names for the same successful cyber espionage group or threat actor group. These actors often use...
Pawn Storm: The Power of Social Engineering
In our latest report on Pawn Storm a.k.a. APT28, Fancy Bear, Strontium, etc., researchers expose the scope and scale of the cyber espionage group’s attacks but more importantly their cyber tradecraft. Our researchers have observed activity going back seven years targeting government, military,...
Security update for flash-player (critical)
This security issue was fixed: - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm APSA15-05 bsc950474...
SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1770-1)
flash-player was updated to fix one security issue. This security issue was fixed : - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm APSA15-05 bsc950474. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE securi...
SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1771-1)
flash-player was updated to fix one security issue. This security issue was fixed : - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm APSA15-05 bsc950474. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE securi...
Emergency Adobe Flash Zero Day Patch Arrives Ahead of Schedule
Adobe has decided to patch the zero day vulnerability that was disclosed in Flash Player earlier this week today — instead of next week as originally scheduled. According to a security bulletin Adobe posted this morning the update actually fixes three vulnerabilities in the software, but the most...
Java high-risk 0-day vulnerability already exploited by Russian hackers - Vulnerability Warning - Black Bar Safety Net
A high-risk 0-day vulnerability in Java was disclosed today. Trend Micro has warned that the vulnerability is already being used by a Russian hacking group whose attack targets are primarily the United States Department of Defense and North Atlantic Treaty Organization member states. In the attack, the attacker first targets the victi...
Java Zero-day vulnerability exploited in the Wild
Really a bad weekend for Internet users. Three previously unknown critical zero-day vulnerabilities were revealed in Adobe's Flash Player over the weekend, thanks to the Hacking Team data breach in which 400GB of internal data were leaked over the Internet. Now, a new zero-day vulnerability has been...
Espionage Campaign targets iOS devices with Malware apps
A malware campaign has been found targeting iOS devices linked to a wide range of entities, including European defense organizations, governments, and media sectors with dangerous espionage spyware capable of breaching non-jailbroken devices, a recent report claims. The spyware campaign, dubbed...