254 matches found
Threat Roundup for July 29 to August 5
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 29 and Aug. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...
TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine
In what's being described as an "unprecedented" twist, the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align...
Malware Analysis: Trickbot
In this day and age, we are not dealing with roughly pieced together, homebrew type of viruses anymore. Malware is an industry, and professional developers are found to exchange, be it by stealing one's code or deliberate collaboration. Attacks are multi-layer these days, with diverse sophisticat...
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to...
U.S. Offering $10 Million Reward for Information on Conti Ransomware Hackers
The U.S. State Department has announced rewards of up to $10 million for any information leading to the identification of key individuals who are part of the infamous Conti cybercrime gang. Additionally, it's offering another $5 million for intelligence information that could help arrest or convi...
Conti Leaks: Examining the Panama Papers of Ransomware | Trellix
Conti Leaks: Examining the Panama Papers of Ransomware By John Fokker, Jambul Tologonov · March 31, 2022 Introduction It isn’t often the whole world gets an inside look of the business operations of a top tier cybercriminal group. Very early on in the Russian-Ukrainian Crisis the predominantly...
Conti Leaks: Examining the Panama Papers of Ransomware | Trellix
Conti Leaks: Examining the Panama Papers of Ransomware By John Fokker, Jambul Tologonov · March 31, 2022 Introduction It isn’t often the whole world gets an inside look of the business operations of a top tier cybercriminal group. Very early on in the Russian-Ukrainian Crisis the predominantly...
Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns
Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the...
Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang
Google's Threat Analysis Group TAG took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a...
TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control
Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things IoT devices as a go-between for establishing communications with the command-and-control C2 servers. "By using MikroTik routers as proxy server...
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent threats in recent years. The...
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent threats in recent years. The...
Staff Think Conti Group Is a Legit Employer – Podcast
Thanks to gray-hat Ukrainian hacker ContiLeaks, the Conti ransomware gang spilled its guts in late February. Since then, researchers have been poring over the group’s secrets, including a massive trove of chat logs and other doxxed data, including source code for Conti ransomware, TrickBot malwar...
Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers
Looking to cyber-hassle Russia, Ukrainian sympathizers? Be careful — malware is making the rounds, disguised as a pro-Ukraine cyber-tool that will turn around and bite you instead, researchers are warning. In a Wednesday threat advisory, Cisco Talos described a campaign it’s observed in which a...
Emotet Botnet's Latest Resurgence Spreads to Over 100,000 Computers
The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once...
A week in security (February 28 – March 6)
Last week on Malwarebytes Labs: Beware of malware offering “Warm greetings from Saudi Aramco” Update now! Cisco fixes several vulnerabilities HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine Tips to protect your data, security, and privacy from a hands-on expert...
Conti Ransomware Decryptor, TrickBot Source Code Leaked
The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The latest dump includes source code for Conti ransomware, TrickBot malware, a decryptor and the gang’s...
Conti Ransomware Gang's Internal Chats Leaked Online After Siding With Russia
Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, an anonymous security researcher using the Twitter handle @ContiLeaks has leaked the syndicate's internal chats. The file dump, published by malware...
TrickBot Malware Gang Upgrades its AnchorDNS Backdoor to AnchorMail
Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's AnchorDNS...
TrickBot takes down server infrastructure after months of inactivity
The king of tricks is dead. Long live the new king. Or will it make a comeback? While we already assumed TrickBot was dead in the water, the shutdown of the server infrastructure on February 24, 2022, did not go unnoticed. Is this really the end of one of the most active botnets in the last decad...