All attack reports
Umbrella of Pakistani Threats: Converging Tactics of Cyber-operations Targeting India
This report examines the convergence of tactics employed by Pakistani cyber threat groups, including Transparent Tribe, SideCopy, and RusticWeb, targeting Indian government entities and critical infrastructure. It uncovers overlaps in their infrastructure, tactics, and payloads, suggesting coordina…
Downloadable IOCs: 89
Array of malware used to gather intelligence for North Korea
Microsoft Threat Intelligence analyzes the activities of the North Korean threat actor Onyx Sleet, which conducts cyber espionage operations primarily targeting military, defense, and technology industries. The report covers Onyx Sleet's affiliations with other North Korean threat groups, its targe…
Downloadable IOCs: 24
Scam Attacks Taking Advantage of the Popularity of the Generative AI Wave
This analysis explores the evolution of network threats associated with generative AI (GenAI) terms, correlating with key milestones like ChatGPT's launch and integration into Bing. It examines suspicious domain registrations capitalizing on the GenAI trend, their textual patterns, and traffic volu…
Downloadable IOCs: 31
APT45: North Korea’s Digital Military Machine
Mandiant provides an overview of the activities of APT45, a cyber threat group attributed with high confidence to North Korea. The report details APT45's transition from traditional espionage campaigns against government and defense sectors to financially motivated operations, including suspected r…
Downloadable IOCs: 37
LummaC2 Malware Abusing the Game Platform 'Steam'
The report investigates LummaC2, an infostealer malware actively distributed under the guise of illegal software. It highlights LummaC2's tactics of utilizing encrypted strings and abusing legitimate websites like Steam to acquire command-and-control (C2) domains. The malware steals sensitive user …
Downloadable IOCs: 21
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs
The U.S. Federal Bureau of Investigation (FBI) and several partner agencies are releasing this advisory to highlight a North Korean state-sponsored cyber group known as Andariel, operating under the Reconnaissance General Bureau (RGB) 3rd Bureau. This group primarily targets defense, aerospace, nuc…
Downloadable IOCs: 60
Growing Number of Threats Leveraging AI
Symantec has observed a rise in attacks using Large Language Models (LLMs) to generate malicious code for delivering payloads like Rhadamanthys, NetSupport, CleanUpLoader, ModiLoader, LokiBot, and Dunihi. The campaigns involve phishing emails with attachments that execute LLM-generated scripts to d…
Downloadable IOCs: 37
The tapestry of threats targeting Hamster Kombat players
This analysis delves into the various malicious threats capitalizing on the immense popularity of the Hamster Kombat mobile game. It reveals that cybercriminals are exploiting players' interests by distributing Android spyware disguised as the game through unofficial channels, as well as creating f…
Downloadable IOCs: 26
Stargazers Ghost Network
Check Point Research identified a sophisticated network of GitHub accounts distributing malware through malicious repositories. The Stargazers Ghost Network consists of different types of accounts performing various actions like starring, forking, and subscribing to give an appearance of legitimacy…
Downloadable IOCs: 37
Malware Analysis - Accelerating Analysis When It Matters
This report provides information on how security professionals can expedite the analysis of multiple malware samples. By utilizing automated techniques, such as malware configuration parsing, analysts can quickly determine malware families, extract network indicators, and enhance detection and resp…
Downloadable IOCs: 28
Fake update puts visitors at risk
This intelligence report discusses SocGholish, a JavaScript downloader used by threat actors to deliver malware payloads disguised as fake browser updates. It analyzes the recent tactics, techniques, and procedures employed by threat groups like Evil Corp in compromising WordPress websites, fingerp…
Downloadable IOCs: 10
Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer
An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…
Downloadable IOCs: 6