Iranian hackers pose as journalists to push backdoor malware

May 4, 2024 at 12:19PM
APT42, an Iranian state-backed threat actor, is using social engineering, specifically posing as journalists, to breach Western and Middle Eastern corporate networks and cloud environments. The group, affiliated with Iran’s IRGC-IO, targets NGOs, media outlets, and more. They employ custom backdoors “Nicecurl” and “Tamecat” to gain access and exfiltrate data. …

New Latrodectus malware replaces IcedID in network breaches

April 4, 2024 at 07:03PM
Latrodectus, a new malware linked to the IcedID loader, was discovered in November 2023. It is believed to be an evolution of IcedID with similar operational ties. The malware is capable of carrying out various malicious activities, including evasive sandbox checks and communication with command and control servers. Its widespread …

DarkGate and Pikabot malware emerge as Qakbot’s successors

November 21, 2023 at 10:56AM
A sophisticated phishing campaign using DarkGate and PikaBot malware is posing a significant threat to organizations. The campaign began after the takedown of the Qakbot operation and is considered one of the most advanced since then. The attackers employ tactics similar to the previous Qakbot campaigns, indicating a shift to …