Threat Actor Leveraging Discord Channel to Spread Malware Cyble Research and Intelligence Labs (CRIL) has continuously monitored phishing campaigns that distribute different malware families such
Tag: CLOUD
While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. According to our telemetry, all the victims targeted
Introduction ThreatLabz recently discovered a sample of the multi-function malware LilithBot in our database. Further research revealed that this was associated with the Eternity group
The CrowdStrike Falcon® platform, leveraging a combination of advanced machine learning and artificial intelligence, identified a new supply chain attack during the installation of a
Key Takeaways Sygnia recently investigated a Cheerscrypt ransomware attack which utilized Night Sky ransomware TTPs. Further analysis revealed that Cheerscrypt and Night Sky
This is the third blog post in a four-part series. Read Part 1 | Part 2 | Part 4. In Part 1 of this four-part
Zscaler ThreatLabz has observed a campaign that delivers Agent Tesla, a .NET based keylogger and remote access trojan (RAT) active since 2014, using a builder
Executive Summary Unit 42 recently observed a polyglot Microsoft Compiled HTML Help (CHM) file being employed in
Executive Summary The cyber mercenary group known as Void Balaur continues to expand their hack-for-hire campaigns into 2022 unfazed by disruptions to their online advertising
Executive Summary NullMixer is a dropper leading to an infection chain of a wide variety of malware families. NullMixer spreads via malicious websites that can
Broadcom Software, tracks as Coreid (aka FIN7, Carbon Spider). Darkside was used in the Colonial Pipeline ransomware attack in May 2021. The extreme amount of
Executive Summary Cybercriminals compromise domain names to attack the owners or users of the domains directly, or
Key points Crytox is a ransomware family consisting of several stages of encrypted code that was first observed in 2020. The ransomware encrypts local disks
Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining. We observed
In July 2022, during proactive threat hunting activities at a company in the media industry, Mandiant Managed Defense identified a novel spear phish methodology employed by the threat cluster tracked as UNC4034. Mandiant has identified several overlaps between this group and those we suspect have a North Korea nexus.
UNC4034 established communication…