14 matches found
Evil Ant The Python-Powered Ransomware
Summary: Evil Ant Ransomware, a sophisticated Python-based malware compiled with PyInstaller, operates covertly by hiding its console window and executing tasks discreetly. It aims to gain access to critical system functions and encrypt secured files. Threat Level - Amber | Attack Report For a...
Unveiling AcidPour Evolution of Destructive Malware Targeting Ukraine
Summary: AcidPour, a variant of the destructive AcidRain wiper malware previously used during the Russia-Ukraine conflict, signals a heightened threat to Ukraines critical infrastructure. By targeting Linux UBI and DM logic, AcidPour poses a significant risk to large storage devices and RAID...
SapphireStealer’s Stealthy Invasion via Deceptive Legal Documents
Summary: An intricate campaign aimed at Russian individuals has emerged, showcasing the SapphireStealer malware, a publicly available information-stealing tool introduced in December 2022. The incorporation of social engineering techniques significantly enhances the efficacy of these campaigns,...
CHAVECLOAK Banking Trojan Sneaks into Brazil’s Financial Hub
Summary: The CHAVECLOAK banking trojan is purposefully crafted to target the banking credentials of individuals in Brazil, highlighting the ongoing focus of cyber criminals on the nations financial sector. Threat Level - Amber | Attack Report For a detailed threat advisory, download the pdf file...
Unmasking Doppelgänger: Russia’s Disinformation Campaign Revealed
Summary: Doppelgänger, a suspected Russia-aligned influence operation network targeting German audiences with propaganda and disinformation, potentially aiming to sway opinions ahead of elections. Doppelgänger employs coordinated social media activities and a dynamic infrastructure to maximize it...
Migo Targets Redis Servers for Cryptojacking Attacks
Summary: A new campaign has been uncovered that mines cryptocurrencies on Redis servers running Linux hosts by means of a malicious programme known as "Migo." Migo is distributed as a Golang ELF binary that can persist on Linux hosts and is obfuscated at compile time. The malware uses a variety o...
The Zardoor Backdoor’s Silent Takeover of Saudi Charities
Summary: An espionage operation, designed to distribute a backdoor called Zardoor, was uncovered with evidence suggesting it dates back to March 2021. In May 2023, this meticulously orchestrated campaign specifically targeted non-profit organizations in Saudi Arabia. Threat Level - Amber | Attack...
Deceptive Crypto Sites A Breeding Ground for XPhase Clipper
Summary: A global malware campaign is actively targeting cryptocurrency enthusiasts, employing deceptive websites that masquerade as authentic cryptocurrency applications and ultimately leading to the execution of the XPhase Clipper payload. Threat Level - Amber | Attack Report For a detailed...
Art of Impersonation Poses a Threat to Korean IT Powerhouses
Summary: Malicious entities have adeptly employed advanced strategies, masquerading as reputable Korean IT companies. The overarching objective is to establish persistence, achieved through the deployment of RATs such as AsyncRAT and VenomRAT. Threat Level - Amber | Attack Report For a detailed...
Atlassian Addresses Critical RCE Flaws
Summary: Four critical vulnerabilities, namely CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, and CVE-2022-1471, have been identified impacting the Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. If successfully exploited, these vulnerabilities could lead to remote...
Mustang Panda Targets Philippines Government Using Legitimate Software
Summary: Mustang Panda, a threat actor associated with China, has been implicated in a cyber attack targeting a government entity in the Philippines. The attackers employed a strategy of using legitimate software, such as Solid PDF Creator and SmadavProtect an antivirus solution based in Indonesi...
SideWinder’s Nim Backdoor Spells Trouble for South Asian Nations
Summary: SideWinder, also known as Razor Tiger, commenced its offensive operations in 2012 and has recently shifted its focus to targeting Bhutan. It employs deceptive content, ultimately executing the Nim Backdoor. The decoy content utilized in the sample is directly sourced from announcements...
Gamaredon Deploys LitterDrifter USB Worm in Cyber Espionage Operations
Summary: Russian cyber espionage group Gamaredon aka Primitive Bear has been observed utilizing a USB-propagating worm known as LitterDrifter in attacks targeting Ukrainian entities. This group has recently adopted LitterDrifter, a worm written in VBS, designed to spread through removable USB...
Security Updates in Multiple Products of Adobe
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Multiple vulnerabilities have been discovered in Adobe Products: 16 critical vulnerabilities have been fixed in Adobe Acrobat and Reader which are listed below: Code execution: CVE-2021-44701, CVE-2021-44704, CVE-2021-44705...