Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader , strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service MaaS model. The threat actor behind CastleLoader has been assigned the...

TA866 Group Linked to New WarmCookie Malware in Espionage Campaign

Cisco Talos reveals TA866's also known as Asylum Ambuscade sophisticated tactics and its link to the new WarmCookie…...

Threat Spotlight: WarmCookie/BadSpace

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns. WarmCookie, observed being used for initial access and persistence, offers a means for continuous long-term access to compromised environments and is used...

Highlighting TA866/Asylum Ambuscade Activity Since 2021

TA866 also known as Asylum Ambuscade is a threat actor that has been conducting intrusion operations since at least 2020. TA866 has frequently relied on commodity and custom tooling to facilitate post-compromise activities. These tools often perform specific functions and are deployed and used as...

WARMCOOKIE Backdoor: Rising via Recruitment-Themed Phishing

...

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional...