8 matches found
Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer MSI files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are...
Cyber Signals: Inside the growing risk of gift card fraud
In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank...
QakBot's Endgame: The Final Move Before the Takedown
QakBot's Endgame: The Final Move Before the Takedown By Daksh Kapur, Nico Paulo Yturriaga and Alfred Alvarado · September 06, 2023 Figure 1 Attribution at the bottom Qakbot, known under aliases like QBot, QuakBot, and Pinkslipbot, represents an intricately advanced malware strain that has...
Vulnerabilities & Threats that Matter 13 June – 19 June 2022
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 798 53 1 109 4 13 For a detailed threat digest, download the pdf file here Summary The first week of June 2022 witnessed the discovery of 798 vulnerabilities out of which ...
Nation-State Crosshairs: Australia, India & Japan
In The Nation-State Crosshairs: Australia, India & Japan By Trellix · March 28, 2022 Today Trellix and the Center for Strategic and International Studies CSIS released a global report, In the Crosshairs: Organizations and Nation-State Cyber Threats, examining security professionals’ mindsets...
New Actor DarkHydrus Targets Middle East with Open-Source Phishing
Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work. T...
Who Wasn’t Responsible for Olympic Destroyer?
This blog post is authored by Paul Rascagneres and Martin Lee. Summary Absent contributions from traditional intelligence capacities, the available evidence linking the Olympic Destroyer malware to a specific threat actor group is contradictory, and does not allow for unambiguous attribution. The...
A Storm’s a Coming: How businesses can defend against threat actor groups like Pawn Storm
Pawn Storm aka Sednit5, Fancy Bear, APT28, Sofacy and STRONTIUM8 might sound like Instagram accounts, top-secret spy programs or recently passed legislation, but in reality they are all different names for the same successful cyber espionage group or threat actor group. These actors often use...