All attack reports
Iluria Stealer; a Variant of Another Discord Stealer
Researchers uncover a new malware variant called Iluria Stealer, created by the developer behind Nikki Stealer, utilizing the alias 'Ykg.' Iluria Stealer is designed to steal Discord tokens, browser credentials, and payment information. It employs techniques like obfuscation, process injection, and…
Gootloader walkthrough
The analysis delves into the intricate workings of the Gootloader malware campaign. Through a meticulously crafted social engineering scheme involving SEO poisoning and fake forums, threat actors lure unsuspecting victims into downloading a malicious JavaScript file disguised as a legitimate resour…
Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea
An investigation by Bitdefender Labs uncovered a previously unidentified cyber threat actor called Unfading Sea Haze. This group has systematically targeted high-level organizations across countries in the South China Sea region. The extensive analysis spanned several years, revealing their evolvin…
Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages
BlackBerry discovered the Pakistan-based advanced persistent threat group Transparent Tribe (APT36) targeting the Indian government, defense, and aerospace sectors. The group employed cross-platform programming languages, open-source tools, and abused web services for command-and-control and exfil…
Operation Specter: An Active Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
An analysis reveals long-term espionage operations by a Chinese advanced persistent threat (APT) group against at least seven governmental entities across the Middle East, Africa and Asia since late 2022. The threat actor attempts to obtain sensitive and classified information about diplomatic and …
New ransomware group abusing BitLocker
The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…
Sharp Dragon Expands Towards Africa and The Caribbean
Check Point Research has observed a significant shift in the activities and lures of Sharp Dragon, a Chinese threat actor, now targeting governmental organizations in Africa and the Caribbean. This expansion aligns with Sharp Dragon's known tactics of compromising email accounts to spread weaponize…
New Hijack Loader Variant: Uses Process Hollowing, Has Enhanced Anti-Evasion Capabilities
Crimeware report: Acrid, ScarletStealer and Sys01 stealers
This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, …
Spring Exacerbation: UAC-0006 increased cyberattacks
This report aims to provide insights into the ongoing cyber operations targeting Ukraine. It analyzes the tactics, techniques, and procedures employed by threat actors in their malicious campaigns. The document offers a comprehensive overview of the cybersecurity landscape in Ukraine, highlighting …
Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware
Securonix Threat Research has uncovered a sophisticated malware campaign, dubbed CLOUD#REVERSER, that leverages popular cloud storage services like Google Drive and Dropbox for malware delivery, command execution, and data exfiltration. The infection chain starts with a phishing email containing a …
Unveiling a Crypto Mining Operation
This report uncovers a sophisticated intrusion campaign involving several malicious modules designed to disable security solutions and execute a persistent crypto-miner. The primary payload, dubbed GHOSTENGINE, leverages vulnerable drivers to terminate and delete known endpoint detection and respon…