December 10, 2024 at 06:54AM A cyber espionage group linked to China has targeted IT service providers in Southern Europe, utilizing Microsoft Visual Studio Code Remote Tunnels for command and control. Detected between June and July 2024, the attacks aimed to establish footholds for future data breaches, leveraging legitimate tools to evade detection, highlighted by … Read more
August 23, 2024 at 05:12PM A new version of XenoRAT malware called MoonPeak, with ties to North Korea’s Kimsuky group, is actively evolving and deploying complex infrastructure for command and control. It exhibits functional changes from the original XenoRAT, making detection challenging. Cisco Talos discovered the variant, analyzing its code modifications, infrastructure changes, and connections … Read more
July 8, 2024 at 05:43PM A new cyber espionage actor, “CloudSorcerer,” is targeting Russian government organizations with sophisticated malware, leveraging public cloud services for C2 and purposes. The group’s primary malware tool has multiple functions including covert monitoring and data collection, and it dynamically adapts its behavior based on its execution context, posing a challenge … Read more
July 8, 2024 at 12:34PM A new cyber espionage group called CloudSorcerer has been detected targeting Russian government entities using cloud services for command-and-control (C2) and data exfiltration. The group’s innovative tactics and use of cloud resources, including Microsoft Graph, Yandex Cloud, Dropbox, and GitHub, demonstrates a sophisticated approach to cyber espionage and data collection. … Read more
April 4, 2024 at 07:03PM Latrodectus, a new malware linked to the IcedID loader, was discovered in November 2023. It is believed to be an evolution of IcedID with similar operational ties. The malware is capable of carrying out various malicious activities, including evasive sandbox checks and communication with command and control servers. Its widespread … Read more
February 29, 2024 at 03:33AM SPIKEDWINE, a new threat actor, targeted European officials with Indian ties using the WINELOADER backdoor. They used a PDF email attachment posing as an invitation from the Indian Ambassador for a wine-tasting event, enabling malware installation. The attack is sophisticated and evasive, utilizing compromised websites for command and control. The … Read more