All attack reports
Suspected Cyber Espionage Campaign Targeting Global Organizations
An analysis identified a suspected cyber espionage campaign by TAG-100, a threat group exploiting internet-facing devices and utilizing open-source tools like the Go backdoor Pantegana. The campaign compromised two Asia-Pacific intergovernmental organizations and targeted multiple diplomatic, trade…
Downloadable IOCs 25
'Evil Twin' Apps Spread for Multiple Fraud Schemes
HUMAN's Satori Threat Intelligence and Research team recently uncovered a massive ad fraud operation dubbed Konfety, involving threat actors operating 'evil twin' versions of 'decoy twin' apps available on major app marketplaces. The decoy twins on official stores behave normally, while the evil tw…
Downloadable IOCs 0
Who You Gonna Call? AndroxGh0st Busters!
This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data such as credentials and to abuse other application functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…
Downloadable IOCs 7
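The summary above names the request patterns a defender can watch for: probes for an exposed .env file and attempts against the PHPUnit eval-stdin.php endpoint (CVE-2017-9841) and the Apache path-traversal bug (CVE-2021-41773). The following is an added detection example written for this page, not code or IOCs from the report; the log lines are constructed, the signature regexes and the scoring rule (a successful .env read, or two or more distinct signatures from one source) are assumptions chosen to illustrate the idea, and CVE-2018-15133 is omitted because it rides in a request header rather than the path.

```python
import re
from collections import defaultdict

# Constructed sample web-server access log (combined format); not data from the report.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Jul/2024:10:01:02 +0000] "GET /.env HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.5 - - [15/Jul/2024:10:01:03 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 0 "-" "python-requests/2.31"
198.51.100.9 - - [15/Jul/2024:10:02:10 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [15/Jul/2024:10:03:11 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 403 0 "-" "python-requests/2.31"
198.51.100.9 - - [15/Jul/2024:10:04:00 +0000] "GET /.env HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: source IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Path signatures for the behaviours named in the report (assumed patterns, not the report's IOCs).
SIGNATURES = {
    "exposed-env": re.compile(r'^/(?:[^?]*/)?\.env(?:\?|$)'),            # direct read of a Laravel .env file
    "CVE-2017-9841": re.compile(r'/phpunit/.*?/eval-stdin\.php', re.I),   # PHPUnit remote code execution endpoint
    "CVE-2021-41773": re.compile(r'/cgi-bin/(?:\.%2e|%2e%2e|\.\.)', re.I),  # Apache 2.4.49 path traversal
}


def parse_line(line: str):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(path: str) -> list:
    """Names of every signature that matches the request path."""
    return [name for name, rx in SIGNATURES.items() if rx.search(path)]


def scan(log_text: str) -> dict:
    """Group matching requests by source IP: {ip: [(signature, path, status), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        for sig in classify(rec["path"]):
            hits[rec["ip"]].append((sig, rec["path"], int(rec["status"])))
    return dict(hits)


def risky_sources(log_text: str) -> dict:
    """Flag sources that either read a .env file successfully (HTTP 200) or
    triggered two or more distinct signatures, i.e. look like an automated scanner."""
    flagged = {}
    for ip, events in scan(log_text).items():
        sigs = {sig for sig, _, _ in events}
        env_exposed = any(sig == "exposed-env" and status == 200 for sig, _, status in events)
        if env_exposed or len(sigs) >= 2:
            flagged[ip] = {"signatures": sorted(sigs), "env_exposed": env_exposed}
    return flagged


if __name__ == "__main__":
    for ip, detail in risky_sources(SAMPLE_LOG).items():
        print(ip, detail)
```

A 404 on /.env from an otherwise quiet source is noise; a 200 means the application secrets (APP_KEY, database and mail credentials) are already gone and the host should be treated as compromised, not merely scanned.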
Threat Actor Masquerades as Hacktivist Group Rebelling Against AI
SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…
Downloadable IOCs 9
Beware of BadPack: One Weird Trick Being Used Against Android Devices
The report examines the recent trend of BadPack Android malware, which utilizes tampered headers to obstruct analysis tools. It explores the effectiveness of various freely available utilities for analyzing BadPack Android Package Kit (APK) files. The report dissects the structure of APK files and …
Downloadable IOCs 4
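An APK is a ZIP archive, and the BadPack trick described above works because each entry is described twice: once in the local file header that precedes its data and once in the central directory at the end of the file. Android's installer trusts the central directory, while many analysis tools parse the local headers, so corrupting only the latter breaks the tools without breaking installation. The example below is added for this page and is not code from the report: it constructs a stand-in archive, tampers one local header the way the summary describes, and then cross-checks every local header against its central-directory record. The entry names and the specific fields tampered are assumptions for illustration.

```python
import io
import struct
import zipfile

# ZIP local file header: signature, version, flags, method, mod time, mod date,
# crc32, compressed size, uncompressed size, filename length, extra length (30 bytes).
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")
LOCAL_SIG = b"PK\x03\x04"
FLAG_DATA_DESCRIPTOR = 0x0008


def build_sample_apk() -> bytes:
    # Constructed stand-in for an APK: a two-entry ZIP. Not a real application or sample.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='example.app'/>" * 8)
        zf.writestr("classes.dex", b"dex\n035\0" + bytes(range(256)) * 4)
    return buf.getvalue()


def tamper_local_header(apk: bytes, name: str) -> bytes:
    """Emulate the BadPack technique: corrupt one entry's local file header while
    leaving the central directory untouched (assumed fields; the report's samples may differ)."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        off = zf.getinfo(name).header_offset
    data = bytearray(apk)
    struct.pack_into("<H", data, off + 8, 0x0063)       # compression method -> unsupported value
    struct.pack_into("<III", data, off + 14, 0, 0, 0)   # crc32, compressed and uncompressed size -> 0
    return bytes(data)


def check_local_headers(apk: bytes) -> dict:
    """Compare each central-directory record with the local header it points at.
    Returns {filename: [mismatching fields]}; an empty dict means the two views agree."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:   # zipfile reads the central directory only
        for info in zf.infolist():
            off = info.header_offset
            raw = apk[off:off + LOCAL_HEADER.size]
            if len(raw) < LOCAL_HEADER.size or raw[:4] != LOCAL_SIG:
                findings[info.filename] = ["missing local header signature"]
                continue
            _, _, flags, method, _, _, crc, csize, usize, fnlen, _ = LOCAL_HEADER.unpack(raw)
            name_start = off + LOCAL_HEADER.size
            local_name = apk[name_start:name_start + fnlen].decode("utf-8", "replace")
            bad = []
            if local_name != info.filename:
                bad.append("filename")
            if method != info.compress_type:
                bad.append("compression method")
            # With flag bit 3 set the sizes and CRC legitimately live in a trailing data
            # descriptor and the local header holds zeros, so they are not compared here.
            if not flags & FLAG_DATA_DESCRIPTOR:
                if crc != info.CRC:
                    bad.append("crc32")
                if csize != info.compress_size:
                    bad.append("compressed size")
                if usize != info.file_size:
                    bad.append("uncompressed size")
            if bad:
                findings[info.filename] = bad
    return findings


def entry_names(apk: bytes) -> list:
    """What a central-directory-based parser (as the Android installer is) sees."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        return zf.namelist()


if __name__ == "__main__":
    clean = build_sample_apk()
    print("clean:", check_local_headers(clean))
    print("tampered:", check_local_headers(tamper_local_header(clean, "classes.dex")))
```

Triage rule of thumb: a mismatch between the two views is never produced by a normal build toolchain, so any APK where `check_local_headers` reports findings deserves a closer look before it is dismissed as "corrupt".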
Akira Ransomware Targets the LATAM Airline Industry
An in-depth analysis examines a threat actor using Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…
Downloadable IOCs 2
New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns
An Iranian threat group known as MuddyWater, affiliated with the Ministry of Intelligence and Security, has significantly intensified its operations targeting Israel, Saudi Arabia, Turkey, Azerbaijan, India, and Portugal in recent months. The group consistently utilizes phishing campaigns originati…
Downloadable IOCs 50
ShadowRoot Ransomware Targeting Turkish Businesses
An analysis reveals a basic ransomware campaign targeting Turkish enterprises. The attack commences with a malicious PDF attachment delivered via email, containing a link that downloads an executable payload. This executable then drops further components, including a .NET binary obfuscated with dot…
Downloadable IOCs 3
Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant
This report analyzes a recent phishing campaign distributing a new DarkGate Remote Access Trojan variant. The malware leverages various obfuscation and anti-analysis techniques, including process hollowing, anti-VM checks, and encoding. It supports numerous malicious functionalities like ransomware…
Downloadable IOCs 4
A Social Engineering Tactic to Deploy Malware
McAfee Labs uncovered a sophisticated social engineering technique, dubbed 'ClickFix,' for deploying malware such as DarkGate and Lumma Stealer. Victims are lured to compromised websites displaying error messages with instructions to paste scripts into PowerShell, facilitating malware downloads and e…
Downloadable IOCs 7
WorkersDevBackdoor and MadMxShell converge in malvertising campaigns
This report analyzes two recent malware distribution campaigns that leverage malvertising techniques. The campaigns deliver the WorkersDevBackdoor and MadMxShell backdoors, which have data exfiltration capabilities and can facilitate ransomware deployment. The malware's delivery infrastructure, inc…
Downloadable IOCs 51
Security Advisory for Squarespace
This report outlines a critical vulnerability affecting the Squarespace platform, a widely used website builder. The flaw allows remote code execution, potentially granting unauthorized access and control over websites hosted on the platform. Exploitation of this vulnerability could lead to data br…
Downloadable IOCs 4