Tag: 2024-08-20
6 attack reports | 142 vulnerabilities
Attack reports
New Backdoor Targeting Taiwan Employs Stealthy Communications
A previously undiscovered backdoor malware, Backdoor.Msupedge, has been deployed in an attack against a university in Taiwan. This backdoor utilizes an atypical technique, communicating with a command-and-control server through DNS traffic. It receives commands by resolving structured host names, a…
Downloadable IOCs: 3
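The report above describes a backdoor that takes its commands by resolving structured host names, so the C2 channel lives entirely in DNS. The usual detection angle for that class of tradecraft is the resolver log rather than a network signature: one endpoint issuing many distinct, long, high-entropy subdomains under a single registered domain. The following is an added example (not code from the report or from Symantec, and not the actual Msupedge encoding, which the summary does not describe) that scores constructed resolver log lines with exactly that heuristic; the log format, the domain `cmd-hypothetical.test`, the client addresses and the thresholds are all assumptions chosen for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (hypothetical format: "<ts> <client_ip> <qname> <qtype>").
# The cmd-hypothetical.test queries imitate a DNS C2 beacon: a per-request encoded label
# followed by a fixed "session" label under one registered domain. Not real Msupedge traffic.
SAMPLE_LOG = """\
2024-08-20T09:00:01Z 10.0.0.15 www.example.edu A
2024-08-20T09:00:02Z 10.0.0.15 mail.example.edu A
2024-08-20T09:00:05Z 10.0.0.23 3f9a1c7e4b2d.8e1f0a9c.cmd-hypothetical.test A
2024-08-20T09:00:06Z 10.0.0.23 7b2e0d4c1a9f.8e1f0a9c.cmd-hypothetical.test A
2024-08-20T09:00:07Z 10.0.0.23 c4d8e2f6a1b3.8e1f0a9c.cmd-hypothetical.test A
2024-08-20T09:00:08Z 10.0.0.23 91e3f5a7c2d4.8e1f0a9c.cmd-hypothetical.test A
2024-08-20T09:00:09Z 10.0.0.15 cdn.example.edu A
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of the string; hex/base32-encoded data scores high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_dns_log(text: str) -> list[dict]:
    """Parse the assumed four-column log format, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        records.append({"ts": ts, "client": client,
                        "qname": qname.lower().rstrip("."), "qtype": qtype})
    return records


def registered_domain(qname: str) -> str:
    """Naive registered-domain cut (last two labels). Assumption: no public suffix list,
    so co.uk-style domains would be mis-grouped in a real deployment."""
    labels = qname.split(".")
    return ".".join(labels[-2:])


def find_dns_c2_candidates(records: list[dict], min_unique: int = 4,
                           min_entropy: float = 3.0, min_len: int = 30) -> list[dict]:
    """Group queries by (client, registered domain) and flag groups where the client
    resolved many distinct names whose leftmost label looks like encoded data."""
    groups: dict[tuple, list[str]] = defaultdict(list)
    for r in records:
        groups[(r["client"], registered_domain(r["qname"]))].append(r["qname"])

    findings = []
    for (client, domain), qnames in groups.items():
        unique = set(qnames)
        if len(unique) < min_unique:
            continue
        # Encoded commands/data usually sit in the leftmost label; score that label.
        avg_entropy = sum(shannon_entropy(q.split(".")[0]) for q in unique) / len(unique)
        avg_len = sum(len(q) for q in unique) / len(unique)
        if avg_entropy >= min_entropy and avg_len >= min_len:
            findings.append({
                "client": client,
                "domain": domain,
                "unique_subdomains": len(unique),
                "avg_label_entropy": round(avg_entropy, 2),
                "avg_qname_len": round(avg_len, 1),
            })
    return findings


if __name__ == "__main__":
    for f in find_dns_c2_candidates(parse_dns_log(SAMPLE_LOG)):
        print(f)
```

The thresholds are deliberately loose on the constructed sample; in production, baseline them per environment, since CDNs, endpoint-protection cloud lookups and certificate-transparency probes also generate high-entropy subdomains and will trip a naive version of this rule. The useful signal is the combination: one client, one registered domain, many never-repeated names, over a short window.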
Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset
Proofpoint security researchers identified an Iranian threat group known as TA453 targeting a prominent religious figure through a sophisticated social engineering campaign. The threat actors impersonated a legitimate organization and invited the target to participate in a podcast interview. Upon e…
Downloadable IOCs: 10
Meet UULoader: An Emerging and Evasive Malicious Installer
An analysis uncovered a malicious installer dubbed 'UULoader', which employs creative techniques to evade detection, including file header stripping, side-loading legitimate executables, and obfuscation. This multi-staged approach to payload delivery proves effective at evading static detection, as…
Downloadable IOCs: 23
Double Trouble: Latrodectus And ACR Stealer Observed Spreading Via Google Authenticator Phishing Site
The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The downloaded payload, which steals sensitive information, drops two threats: Latrodectus, which maintains persist…
Downloadable IOCs: 15
Ongoing Social Engineering Campaign Refreshes Payloads
Rapid7 observed a shift in tools utilized by threat actors in an ongoing social engineering campaign. The initial lure involves an email bombing followed by calls to users offering fake solutions. Once connected remotely, threat actors deploy payloads for credential harvesting, establishing command…
Downloadable IOCs: 43
Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure
CloudSEK's threat research team uncovered a ransomware attack impacting banks and payment providers in India. The attack, initiated through a compromised Jenkins server at Brontoo Technology Solutions, is attributed to the RansomEXX ransomware group. This sophisticated threat actor employs tactics …
Downloadable IOCs: 18