Spot the Difference: Earth Kasha’s New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

November 19, 2024 at 03:59AM The blog analyzes Earth Kasha’s LODEINFO malware campaign targeting Japan, Taiwan, and India from 2023 to 2024. It highlights updated tactics, techniques, and procedures (TTPs), including exploitation of vulnerabilities in public-facing applications, credential theft, and the use of backdoors such as LODEINFO and NOOPDOOR. The report draws connections with APT10 umbrella activities.

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

November 19, 2024 at 02:57AM T-Mobile has confirmed it was targeted by Chinese threat actors, known as Salt Typhoon, during a prolonged cyber espionage campaign. Although no significant impact on T-Mobile’s data has been reported, the situation highlights broader vulnerabilities in U.S. telecoms, including potential theft of sensitive communications. Investigations continue.

ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue

November 13, 2024 at 07:22PM Bitdefender has launched a free decryption tool for ShrinkLocker ransomware, leveraging a simple yet effective malware approach. The tool is now part of their collection of decryptors. Meanwhile, CISA’s ScubaGear software, designed to enhance Microsoft 365 security, has seen a surge in downloads due to rising cloud attack vulnerabilities.

Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel

November 13, 2024 at 11:22AM A Hamas-affiliated threat group, WIRTE, has escalated its cyber operations from espionage to disruptive attacks targeting Israeli entities and other countries in the region amid the ongoing conflict. Its techniques include phishing campaigns and malware such as the SameCoin wiper, reflecting its politically motivated activity throughout 2024.

China’s Volt Typhoon Rebuilding Botnet

November 13, 2024 at 07:21AM Security researchers report that China’s Volt Typhoon botnet has re-emerged, using the same core infrastructure and techniques as before. The resurgence highlights the ongoing cybersecurity threat linked to the botnet.

Trend Micro and Japanese Partners Reveal Hidden Connections Among SEO Malware Operations

November 11, 2024 at 04:18AM Trend Micro, in collaboration with various Japanese organizations, analyzed the relationships among SEO malware operations and their role in fake e-commerce scams. They identified distinct threat actor groups using one or several malware families, showing how these malware families share infrastructure to optimize SEO poisoning attacks. Findings were presented at the 2024 IEEE Conference.

Scattered Spider, BlackCat claw their way back from criminal underground

November 8, 2024 at 10:05AM Scattered Spider and BlackCat/ALPHV gangs have resurfaced after prior arrests, using social engineering and new tactics in cyberattacks. They recently breached a manufacturing firm, employing RansomHub malware for encryption. Ransomware threats persist, emphasizing the need for stringent security measures and vigilant defense against evolving criminal strategies.

Breaking Down Earth Estries’ Persistent TTPs in Prolonged Cyber Operations

November 8, 2024 at 04:49AM Earth Estries uses two distinct attack chains, exploiting vulnerabilities, especially in Microsoft Exchange servers. The first chain employs CAB-delivered tools such as PsExec and Cobalt Strike for lateral movement. The second chain uses web shells and backdoors such as Zingdoor for data exfiltration. Continuous updates to their tooling confirm that they remain a persistent threat.

North Korean hackers use new macOS malware against crypto firms

November 7, 2024 at 05:17PM North Korean hacker group BlueNoroff is targeting crypto businesses with a new multi-stage macOS malware campaign, dubbed “Hidden Risk.” Delivered through phishing emails about cryptocurrency, the malware employs novel persistence and evasion techniques to remain undetected. This campaign marks an evolution in the group’s tactics over the past year.

5 Most Common Malware Techniques in 2024

November 7, 2024 at 05:04AM Tactics, techniques, and procedures (TTPs) are essential for cybersecurity, identifying threats more reliably than indicators of compromise. This report details techniques like disabling Windows Event Logging, PowerShell exploitation, and registry manipulation, showcasing real-world examples through ANY.RUN’s sandbox to analyze malware behavior and enhance threat detection capabilities.