By Juan Andres Guerrero-Saade (@juanandres_gs) and Max van Amerongen (@maxpl0it) Executive Summary On Thursday, February 24th, 2022, a cyber attack rendered Viasat KA-SAT modems inoperable
Tag: BOTNET
Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Fox’s new arrival vector and early
A Cobalt Strike Cybercrime Syndicate and the Ransomware Hackers’ Favorite Weapon On March 9, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret
This is the story of piecing together information and research leading to the discovery of one of the largest botnet-as-a-service cybercrime operations we’ve seen in
This report discusses the technical capabilities of this Cyclops Blink malware variant that targets ASUS routers and includes a list of more than 150 current
The ASEC analysis team is constantly monitoring malware distributed to vulnerable database servers (MS-SQL, MySQL servers). This blog will explain the RAT malware named Gh0stCringe[1].
Background Since the Log4J vulnerability was exposed, we see more and more malware jumped on the wagon, Elknot, Gafgyt, Mirai are all too familiar, on
By Securonix Threat Labs, Threat Research: Oleg Kolesnikov, Den Iuzvyk, and Tim Peck Introduction Our researchers have identified EnemyBot, a brand new Linux-based botnet. At first
The emails can be jarring, but the technique used by Qakbot (aka Qbot) seems to be especially convincing: The email-borne malware has a tendency to
What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets Executive Summary Since its reemergence on Nov. 14, 2021,
February 22, 2022 Editor’s Note: Since conducting his initial research, ZeroFox Intelligence Researcher Stephan Simon has uncovered additional details about the operators and the botnet. Updates
This post is also available in: 日本語 (Japanese) Executive Summary As early as Dec. 21, 2021, Unit 42 observed a new infection method for the
Research by: Aliaksandr Trafimchuk, Raman Ladutska This research comes as a follow-up to our previous article on Trickbot, “When Old Friends Meet Again: Why Emotet
These websites host Smokeloader payloads as part of three categories named “pab1”, “pab2” and “pab3”. These are not necessarily linked to the analogous “pub*” affiliate