CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

April 24, 2024 at 01:39AM A new malware campaign, linked to the threat actor CoralRaider, is distributing multiple stealers via Content Delivery Network (CDN) cache domains. The campaign targets various businesses in different countries, using deceptive tactics such as phishing emails and booby-trapped links to propagate malware. The modular PowerShell loader script bypasses User Account Control (UAC) … Read more

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

April 17, 2024 at 04:42AM Cisco warns of a surge in brute-force attacks targeting VPN services, web application interfaces, and SSH services, originating from TOR exit nodes and other proxy services. Various devices are being targeted across different sectors and geographies using both generic and valid usernames. Additionally, threat actors are exploiting a security flaw … Read more

Cisco warns of large-scale brute-force attacks against VPN services

April 16, 2024 at 12:14PM Cisco warns about a global, large-scale brute-force attack targeting VPN and SSH services on various devices. The attack involves a mix of valid and generic employee usernames, started on March 18, 2024, and uses anonymization tools. It targets a range of services and lacks a specific focus, with possible … Read more

Russian Hackers Using TinyTurla-NG to Breach European NGO’s Systems

March 21, 2024 at 12:57PM Turla, a Russia-linked threat actor, infected European NGO systems with the TinyTurla-NG backdoor, persisting on the hosts and evading antivirus. After gaining initial access, the group exfiltrated data through Chisel; the breach dates back to Oct 2023 and involved a targeted campaign with customized malware. Turla’s activities include adding Microsoft Defender exclusions and creating malicious services. Cisco Talos disclosed this in … Read more

U.S. sanctions Predator spyware operators for spying on Americans

March 5, 2024 at 01:15PM The U.S. Treasury’s Office of Foreign Assets Control has imposed sanctions on two individuals and five entities associated with the Intellexa Consortium for developing and distributing the Predator spyware, used to target Americans, including government officials and journalists. Sanctions freeze U.S.-based assets and transactions with them, signaling the U.S. government’s … Read more

TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users

February 28, 2024 at 03:21AM Mexican users have been targeted with tax-themed phishing lures since November 2023 to distribute a new Windows malware called TimbreStealer. The skilled authors use sophisticated tactics like geofencing and obfuscation to evade detection and ensure persistence. The malware harvests a wide range of data and targets various industries, with a … Read more

Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs

February 15, 2024 at 10:52AM The Russia-sponsored APT group Turla launched a cyberespionage campaign targeting Polish NGOs, using a new backdoor named “TinyTurla-NG” with modular capabilities. The backdoor allows execution of PowerShell and Windows Command Line Interface commands, and a new implant, TurlaPower-NG, for exfiltrating files. Turla also employs old tactics like compromised WordPress-based websites … Read more

Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor

February 15, 2024 at 10:18AM Russian threat actor Turla has been using a new backdoor, TinyTurla-NG, in a campaign targeting Polish non-governmental organizations. The backdoor is similar to TinyTurla, used in previous intrusions. Turla, linked to the FSB, has also targeted the defense sector in Ukraine and Eastern Europe with a .NET-based backdoor called DeliveryCheck. … Read more

And that’s a wrap for Babuk Tortilla ransomware as free decryptor released

January 9, 2024 at 08:22AM Security researchers, in collaboration with Cisco Talos, Avast, and the Netherlands police, have released an updated decryptor for the Babuk ransomware Tortilla variant. The decryptor, freely available online, utilizes a single private key across all victims, making it straightforward to support Tortilla victims. Organizations can access the decryptor from Avast … Read more

Lazarus hackers drop new RAT malware using 2-year-old Log4j bug

December 11, 2023 at 04:29PM Lazarus, the North Korean hacking group, is utilizing CVE-2021-44228 to launch new malware families written in DLang as part of “Operation Blacksmith.” This campaign, targeting various industries, demonstrates the group’s evolving tactics. The new malware includes the remote access trojans NineRAT and DLRAT, as well as the downloader BottomLoader. Lazarus … Read more