Europol nukes nearly 600 IP addresses in Cobalt Strike crackdown

July 4, 2024 at 04:36AM Europol led Operation Morpheus to tackle nearly 600 illegal IP addresses associated with Cobalt Strike. The disruptive action targeted criminal activity, involving partners in 27 countries. Notable support was provided by private sector partners and Europol’s Malware Information Sharing Platform. The operation sent a strong message to cybercriminals globally. However, …

Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike

July 4, 2024 at 12:34AM Law enforcement operation MORPHEUS seized nearly 600 servers used by cybercriminal groups and part of the Cobalt Strike attack infrastructure. The crackdown targeted unlicensed versions of Cobalt Strike, involving multiple countries. Exploitation of cracked software contributed to cybercrime, with related arrests and dismantling of other criminal schemes worldwide. Based on …

Europol Announces Crackdown on Cobalt Strike Servers Used by Cybercriminals

July 3, 2024 at 03:30PM Europol coordinated a global crackdown targeting cybercriminals’ use of legitimate security tools, resulting in the takedown of nearly 600 Cobalt Strike servers linked to criminal activity. The agency worked with private sector companies to flag and disable unlicensed versions of the tool across 27 countries as part of Operation Morpheus, …

Europol takes down 593 Cobalt Strike servers used by cybercriminals

July 3, 2024 at 10:51AM Europol’s Operation Morpheus led to the takedown of nearly 600 Cobalt Strike servers used by cybercriminals to infiltrate networks. Coordinated across multiple countries, the operation involved identifying and targeting criminal infrastructure. The software, originally intended for security testing, has become a primary tool in ransomware and cyberespionage attacks, used by …

Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks

July 3, 2024 at 12:15AM Cybersecurity researchers have uncovered a highly targeted attack campaign, named Supposed Grasshopper, targeting Israeli entities using open-source malware such as Donut and Sliver. The attackers use custom WordPress websites to deliver the malware, and the campaign could be the work of a small team. The end goal of the campaign …

New Attack Technique Exploits Microsoft Management Console Files

June 25, 2024 at 07:51AM Threat actors are using a novel attack technique, named GrimResource, to exploit a vulnerability in Microsoft Management Console (MMC) using maliciously crafted .MSC files. This technique allows for arbitrary code execution and has been used by the Kimsuky hacking group. The approach bypasses security measures and can lead to system …

New attack uses MSC files and Windows XSS flaw to breach networks

June 24, 2024 at 03:14PM The command execution technique “GrimResource” exploits an unpatched Windows XSS flaw using malicious MSC files to deploy Cobalt Strike malware. This technique was recently found to be actively exploited in the wild, leveraging an old vulnerability in the Microsoft Management Console. The attack can lead to the execution of other …

New attack uses MSC files and Windows XSS flaw to breach networks

June 24, 2024 at 03:06PM A novel command execution technique, ‘GrimResource,’ leverages an unpatched Windows XSS flaw and specially crafted MSC files to deploy malware. This technique successfully evades detection and current antivirus engines. The attack begins with a malicious MSC file exploiting a known XSS vulnerability, ultimately leading to the deployment of Cobalt Strike …

Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations

June 20, 2024 at 02:39AM Cybersecurity researchers have uncovered a new evasive malware loader named SquidLoader, targeting Chinese organizations through phishing campaigns. The loader uses various evasion techniques and can deliver second-stage shellcode payloads. Meanwhile, other loaders like Taurus Loader and PikaBot continue to evolve, presenting challenges for detection and mitigation. A law enforcement effort …

Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware

June 13, 2024 at 06:48AM Cybersecurity firm Intezer identified a new malware, SSLoad, distributed through a previously undocumented loader called PhantomLoader. SSLoad infiltrates systems through phishing emails and delivers additional malware. It has been observed deploying the legitimate adversary simulation software Cobalt Strike. The malware demonstrates sophisticated capabilities, including reconnaissance and dynamic string decryption. Phishing …