Tag: 2024-06-07
5 attack reports | 76 vulnerabilities
Attack reports
Lost in the Fog: A New Ransomware Threat
Arctic Wolf Labs began monitoring the deployment of a new ransomware variant called Fog in early May 2024. The ransomware attacks targeted organizations in the education and recreation sectors within the United States. Evidence suggests threat actors gained initial access through compromised VPN cr…
Downloadable IOCs: 5
Malicious Campaign Analysis: JScript RAT and CobaltStrike
This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the CobaltStrike penetration testing tool. The attack commences with an obfuscated JScript loader distributed through suspected phishing campaigns. Upon execution, it contact…
Downloadable IOCs: 4
Targets Ukraine's Defense Forces using SPECTR malware alongside legitimate SyncThing
The report describes a cyber attack campaign by the UAC-0020 (Vermin) threat group targeting Ukraine's Defense Forces. The attackers utilized the SPECTR malware in tandem with the legitimate SyncThing software to exfiltrate sensitive data. The malicious payload was delivered via a password-protecte…
Downloadable IOCs: 33
Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks
Morphisec Labs has been monitoring increased activity associated with Sticky Werewolf, a suspected geopolitical or hacktivist group. While their origin remains unclear, recent techniques suggest espionage and data exfiltration intent. Sticky Werewolf has targeted the aviation industry, employing ph…
Downloadable IOCs: 14
Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers
This report details a cryptojacking campaign exploiting exposed Docker remote API servers. Threat actors employ the cmd.cat/chattr Docker image for initial access, utilizing techniques like chroot and volume binding to break out of the container and access host systems. They deploy cryptocurrency m…
Downloadable IOCs: 7