Tag: reconnaissance

9 Attack Reports | 0 Vulnerabilities

Attack reports

TA406 Pivots to the Front

In February 2025, TA406, a North Korean state-sponsored actor, began targeting Ukrainian government entities with phishing campaigns aimed at gathering intelligence on the Russian invasion. The group utilized freemail senders impersonating think tank members to deliver both credential harvesting at…
phishing
north korea
powershell
ukraine
credential harvesting
reconnaissance
2025-05-13
government targeting
chm files
Published: May 13, 2025
Downloadable IOCs: 11

Post-Exploitation Activities Observed from the Samsung MagicINFO 9 Server Flaw

A vulnerability in Samsung MagicINFO 9 Server, a content management system for digital signage displays, has been exploited in limited incidents. Three separate attacks were observed, with two showing organized, identical commands and one appearing to be in a research phase. The attackers attempted…
vulnerability
exploitation
reconnaissance
post-exploitation
2025-05-10
digital signage
samsung
magicinfo
service installation
Published: May 10, 2025
Downloadable IOCs: 0

South Korean Organizations Targeted by Cobalt Strike 'Cat' Delivered by a Rust Beacon

An exposed web server containing tools for an intrusion campaign targeting South Korean organizations was identified. The server hosted a Rust-compiled Windows executable delivering Cobalt Strike Cat, along with SQLMap, Web-SurvivalScan, and dirsearch. The threat actor used these tools to identify …
sql injection
south korea
reconnaissance
2025-03-18
rust beacon
cobalt strike cat
marte
mingw
open directory
marte shellcode
Published: March 18, 2025
Downloadable IOCs: 9

Credit Card Skimmer and Backdoor on WordPress E-commerce Site

A sophisticated malware attack targeting WordPress WooCommerce sites was discovered, involving multiple components: a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script. The attack focused on financial gain and long-term control. The skimmer, injected into the checkout…
backdoor
obfuscation
javascript
wordpress
reconnaissance
php
credit card skimmer
e-commerce
2025-03-15
woocommerce
Published: March 15, 2025
Downloadable IOCs: 0

Play Ransomware impersonates SentinelOne for stealth recon

A Play ransomware attack involving a reconnaissance tool called Grixba was detected and prevented. The attack began with the deployment of Grixba via RDP to a Windows server. The Grixba file was disguised as legitimate SentinelOne software, a new tactic for the group. Grixba is an obfuscated .NET-b…
obfuscation
ransomware
.net
rdp
reconnaissance
grixba
play
2025-01-17
sentinelone impersonation
xor encryption
Published: January 17, 2025
Downloadable IOCs: 4

Araneida Scanner: Cracked Acunetix Web App & API Scanner Discovered

Silent Push Threat Analysts have uncovered the Araneida Scanner, a cracked version of Acunetix being used for illegal purposes. The scanner is employed for offensive reconnaissance, user data scraping, and vulnerability exploitation. It was detected during a partner's reconnaissance effort, prompti…
credential theft
reconnaissance
telegram
2024-12-20
araneida scanner
web vulnerability
data scraping
cracked acunetix
Published: December 20, 2024
Downloadable IOCs: 13

Analysis of Cyber Reconnaissance Activities Behind APT37 Threats

The report analyzes the covert cyber reconnaissance activities of the state-sponsored APT37 group targeting South Korea. The group uses spear-phishing emails with malicious LNK files to deploy the RoKRAT malware, collecting sensitive information from victims' devices. The attackers employ various t…
north korea
rokrat
cyber espionage
reconnaissance
spear-phishing
lnk files
2024-11-06
web beacons
Published: November 6, 2024
Linked vulnerabilities : CVE-2022-41128
Downloadable IOCs: 20

Threat actors use ChatGPT to write malware

OpenAI has disrupted over 20 malicious cyber operations abusing ChatGPT for various purposes, including malware development and spear-phishing attacks. The company confirmed cases involving Chinese and Iranian threat actors. SweetSpecter, a Chinese group, targeted OpenAI employees with phishing ema…
social engineering
sugargh0st rat
reconnaissance
chatgpt
spear-phishing
2024-10-14
threat actors
cyber operations
openai
Published: October 14, 2024
Downloadable IOCs: 1

Suspicious DNS Probing Operation Amplified

This analysis discusses a large-scale domain name system (DNS) probing operation that targets open resolvers globally. An actor operating from the China Education and Research Network is conducting these probes, sending queries with encoded IP addresses to identify and measure responses from open D…
dns
2024-06-06
reconnaissance
amplification
probing
open resolvers
Published: June 6, 2024
Downloadable IOCs: 17
Click here to see more Attack Reports