Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics

August 16, 2024 at 08:21AM
Chinese-speaking users are being targeted by an ongoing campaign distributing the multi-stage malware ValleyRAT, which gives the attackers remote control of compromised workstations and lets them execute a range of harmful actions on them. The attackers make extensive use of shellcode and deploy arbitrary plugins. The malware's distribution method remains unknown. The campaign emerges amid attempts to exploit an old …

Company Paid Record-Breaking $75 Million to Ransomware Group: Report

July 31, 2024 at 06:36AM
Zscaler's ThreatLabz 2024 Ransomware Report reveals that a company paid a record $75 million ransom to Dark Angels in early 2024, nearly double the highest previously known payment. The report records an 18% increase in ransomware attacks from April 2023 to April 2024. It advises against paying ransoms and highlights Dark Angels' …

Dark Angels ransomware receives record-breaking $75 million ransom

July 30, 2024 at 04:26PM
A Fortune 50 company made a record-breaking $75 million ransom payment to the Dark Angels ransomware gang in early 2024. Dark Angels is known for targeting high-value companies and using stolen data as leverage in its ransom demands. The gang follows a "Big Game Hunting" strategy, focusing on large, lucrative targets for …

China’s APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox

July 11, 2024 at 09:38PM
APT41, a Chinese government-backed cyber espionage group, has added the DodgeBox loader and the MoonWalk backdoor to its malware toolbox. Zscaler's ThreatLabz team attributes these new tools to APT41, indicating financially motivated crimes. DodgeBox exhibits advanced capabilities and evasive techniques, while MoonWalk uses Google Drive for command-and-control communication. More details on MoonWalk …

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data

June 28, 2024 at 12:51PM
The North Korea-linked threat actor Kimsuky has been using a new malicious Google Chrome extension, codenamed TRANSLATEXT, to conduct cyber espionage against South Korean academia. The extension gathers sensitive information and is designed to bypass security measures, capture browser screenshots, and exfiltrate the stolen data. Kimsuky is known for orchestrating cyber …

Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version

May 8, 2024 at 07:06AM
A newer version of the Hijack Loader malware loader, also known as IDAT Loader, has been updated with anti-analysis techniques that make it stealthier and more effective at evading detection. It now incorporates modules to bypass security measures and deliver various malware families. This includes the decryption and parsing of a PNG …

Cyberattackers Lure EU Diplomats With Wine-Tasting Offers

February 28, 2024 at 01:28PM
A recent cyber threat targeted European Union diplomats with a fake wine-tasting event invitation that delivered a backdoor called "WineLoader." The attackers, dubbed "SpikedWine," displayed sophisticated tactics, including a staged attack chain and evasive techniques. Researchers at Zscaler's ThreatLabz discovered the campaign and have issued IoCs and recommendations for detection and …