Tag: 2024-09-19
3 attack reports | 52 vulnerabilities
Attack reports
WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution - Sekoia.io Blog
The Emmenhtal loader, also known as PeakLight, operates in a memory-only manner, making it difficult to detect and analyse. It is primarily used to distribute other malicious payloads, including well-known infostealers that target sensitive information.
Downloadable IOCs 120
SambaSpy – a new RAT targeting Italian users
A campaign exclusively targeting Italian users was detected in May 2024, delivering a new Remote Access Trojan (RAT) dubbed SambaSpy. The infection chain involves phishing emails impersonating a legitimate Italian real estate company, redirecting victims to a malicious website. The campaign employs…
Downloadable IOCs 24
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors
Unit 42 researchers have uncovered an ongoing campaign involving poisoned Python packages that deliver Linux and macOS backdoors. The attackers, believed to be the North Korean-affiliated group Gleaming Pisces, uploaded malicious packages to PyPI. The campaign's objective appears to be gaining acce…
Downloadable IOCs 16