All attack reports
2024 Paris Olympic Games Infrastructure Attack Report
This report examines the malicious activities surrounding the 2024 Paris Olympic Games, where adversaries set up fraudulent social media profiles, online stores, ticketing systems, and cryptocurrencies to exploit the event's popularity. Researchers analyzed newly registered domains (NRDs) before th…
Downloadable IOCs 148
Campaign uses infostealers and clippers for financial gain
Kaspersky has uncovered a complex malware campaign orchestrated by Russian-speaking cybercriminals. The threat actors create sub-campaigns mimicking legitimate projects, using social media to enhance credibility. They host initial downloaders on Dropbox to deliver infostealers like Danabot and Stea…
Downloadable IOCs 68
FIN7: The Truth Doesn't Need to be so STARK
In this collaborative effort, cybersecurity researchers from Silent Push, Stark Industries Solutions, and Team Cymru have identified and disrupted infrastructure associated with the financially motivated threat group FIN7. The analysis uncovered two clusters of potential FIN7 activity communicating…
Downloadable IOCs 103
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
Unit 42 researchers uncovered an extortion campaign that compromised and extorted multiple victim organizations by leveraging exposed environment variable files containing sensitive credentials. The campaign involved setting up attack infrastructure within victims' Amazon Web Services (AWS) environ…
Downloadable IOCs 37
EastWind campaign: new CloudSorcerer attacks on government organizations in Russia
Kaspersky detected an ongoing targeted cyberattack campaign, dubbed EastWind, targeting Russian government organizations and IT companies. The attackers employed phishing emails with malicious shortcuts to deliver malware that communicated via Dropbox. They utilized tools associated with APT31 and …
Downloadable IOCs 5
Rivers of Phish: Sophisticated Phishing Targets Russia's Perceived Enemies Around the Globe
An extensive investigation uncovered an elaborate phishing campaign conducted by a Russia-based threat actor known as COLDRIVER, attributed to Russia's Federal Security Service. The campaign employed personalized social engineering tactics to target civil society groups, NGOs, journalists, and gove…
Downloadable IOCs 28
Multiple Malware Dropped Through MSI Package
An analysis reveals the distribution of malware through an MSI package, specifically SectopRat and Redline stealer. The malware employs techniques like executing malicious scripts, disabling security measures, and establishing persistence through scheduled tasks. It communicates with command-and-co…
Downloadable IOCs 11
CERT-UA Report: UAC-0198: Mass distribution of ANONVNC (MESHAGENT) among government organizations of Ukraine
According to the report, cyber operations tied to the ongoing military conflict between Russia and Ukraine continue. The report highlights the potential risks and threats posed by Russian state-sponsored actors, including the deployment of wiper malware, distributed denial-of-service (DDoS) a…
Downloadable IOCs 26
2024 Olympics-Themed Domains Used for Chinese Gambling Sites
Cybercriminals seize high-profile events like the Olympic Games to orchestrate malicious campaigns. Researchers observed a surge in newly registered domains with Olympic themes used for illicit activities such as gambling sites, money laundering, and human trafficking schemes. These domains imperso…
Downloadable IOCs 7
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
An investigation by The DFIR report revealed a collection of batch scripts designed for defense evasion and executing command-and-control payloads. These scripts performed various actions, including disabling antivirus processes, stopping services related to SQL, Hyper-V, security tools, and Exchan…
Downloadable IOCs 32
Ande Loader Leads to 0bj3ctivity Stealer Infection
In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The attack involved a malicious JavaScript file that retrieved and executed Ande Loader and the 0bj3ctivity Stealer. Ande Loader created persistence, downloaded additional pa…
Downloadable IOCs 2
A Dive into Latest Campaign
Earth Baku, an advanced persistent threat actor, has broadened its operations from the Indo-Pacific region to Europe, the Middle East, and Africa, targeting countries like Italy, Germany, UAE, and Qatar. The group leverages public-facing applications like IIS servers as entry points, deploying soph…
Downloadable IOCs 30