Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town

September 23, 2024 at 02:51AM Attackers are using a new post-exploitation tool called Splinter to infiltrate and disrupt victims’ IT environments. The malicious tool can execute Windows commands, steal files, collect cloud service account info, and download additional malware. Unlike Cobalt Strike, Splinter poses a potential threat to organizations and remains undetected on victims’ networks. …

Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems

September 1, 2024 at 12:39PM Cicada3301 is a new ransomware-as-a-service (RaaS) operation with 19 victims listed on its portal. It conducts double-extortion tactics, utilizing data theft as leverage. The malware overlaps with ALPHV/BlackCat, employing similar encryption methods. It may have ties to the Brutus botnet and targets VMware ESXi setups, causing significant damage to enterprise …

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

May 27, 2024 at 03:54AM The Pakistan-based Transparent Tribe has been linked to new attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware. The attacks, spanning from late 2023 to April 2024, utilized popular online services for spear-phishing campaigns. The group is known for cyber espionage operations and has experimented with new intrusion …

Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

January 18, 2024 at 11:03AM COLDRIVER, a Russia-linked threat actor, has evolved its tactics to include creating and using its first custom malware in the Rust programming language. The group leverages PDF decoy documents in spear-phishing campaigns, targeting organizations in various sectors. Google TAG has observed the actor’s use of benign PDFs to deliver a …

New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices

December 4, 2023 at 06:54AM Cybersecurity experts have uncovered a new version of the P2PInfect botnet targeting routers and IoT devices, now able to infect devices using MIPS architecture. First identified in 2023 exploiting a critical Redis vulnerability, P2PInfect has evolved with evasion tactics and now includes a Windows DLL module, indicating a sophisticated threat …

Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

November 28, 2023 at 04:36AM Amid the ongoing conflict between Israel and Hamas, attackers associated with Hamas are using an updated version of the SysJoker backdoor to target Israeli entities. This new variant, written in the Rust programming language, retains similar functionalities but has undergone significant evolution. The attackers are also utilizing OneDrive instead of …

Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

November 27, 2023 at 12:48PM Palestinian militant group Hamas is using a revamped version of the SysJoker backdoor to target Israel, according to researchers from Check Point. The new variant, written in the Rust programming language, maintains similar functionality but has been completely rewritten. The group is also using OneDrive for command-and-control server URLs. The …

New Rust-based SysJoker backdoor linked to Hamas hackers

November 27, 2023 at 09:57AM Recently, a new variant of the multi-platform malware called ‘SysJoker’ has been discovered. It has undergone a complete code rewrite in the Rust programming language. This malware, initially documented in early 2022, operates on Windows, Linux, and macOS systems. The new variant has been linked to ‘Operation Electric Powder,’ believed …