Tag: 2024-08-09

7 Attack Reports | 0 Vulnerabilities

Attack reports

A Dive into Latest Campaign

Earth Baku, an advanced persistent threat actor, has broadened its operations from the Indo-Pacific region to Europe, the Middle East, and Africa, targeting countries like Italy, Germany, UAE, and Qatar. The group leverages public-facing applications like IIS servers as entry points, deploying soph…
backdoor
loader
apt
espionage
cobalt strike
cybercrime
godzilla
stealthvector
2024-08-09
stealthreacher
megacmd
sneakcross
tailscale
rakshasa
Published: August 9, 2024
Downloadable IOCs: 30

Threat actor targeting UK banks in ongoing AnyDesk social engineering campaign

Threat analysts are tracking an ongoing campaign that employs fake websites and social engineering tactics to distribute a malicious version of the AnyDesk remote access software to Windows and macOS users. Once installed on a victim's machine, it is being utilized to steal data and money. The camp…
phishing
social engineering
anydesk
remote access
2024-08-09
uk banks
Published: August 9, 2024
Downloadable IOCs: 50

APT Group Kimsuky Targets University Researchers

A report detailing an ongoing cyberattack campaign by the North Korean APT group Kimsuky, which is targeting university staff, researchers, and professors to conduct espionage and gather intelligence for the North Korean government. The group employs phishing tactics, compromised infrastructure, an…
apt
espionage
phishing
north korea
2024-08-09
universities
Published: August 9, 2024
Downloadable IOCs: 24

InfoStealer Uses SwiftUI, OpenDirectory API to Capture Passwords

This report analyzes a new macOS stealer malware that leverages SwiftUI for password prompts and the OpenDirectory API for verifying captured passwords. It utilizes APIs to evade detection and carries out malicious operations in distinct stages, first executing a Swift-based dropper that displays a…
infostealer
macos
dropper
2024-08-09
swiftui
cryptotrade
Published: August 9, 2024
Downloadable IOCs: 1

PureHVNC Deployed via Python Multi-stage Loader

FortiGuard Labs uncovered a sophisticated attack campaign utilizing multiple obfuscation and evasion techniques to distribute and execute various malware, including VenomRAT, XWorm, AsyncRAT, and PureHVNC. The campaign starts with a phishing email containing a malicious attachment that initiates a …
xworm
rat
phishing
asyncrat
venomrat
2024-08-09
purehvnc
Published: August 9, 2024
Downloadable IOCs: 18

REPLAY: Revisiting Play Ransomware Anti-Analysis Techniques

This analysis revisits the anti-analysis techniques employed by recent variants of the Play ransomware, which is known for targeting industries like healthcare and telecommunications across various regions. The report explains how the ransomware utilizes techniques like return-oriented programming …
ransomware
anti-analysis
2024-08-09
playcrypt
Published: August 9, 2024
Downloadable IOCs: 4

DeathGrip RaaS | Small-Time Threat Actors Aim High With LockBit & Yashma Builders

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…
ransomware
lockbit
2024-08-09
yashma
chaos
Published: August 9, 2024
Downloadable IOCs: 1
Click here to see more Attack Reports