
The Cyber Security Blog
Cyber Attacks, Malware, CVEs and more.


UNC961: Three Encounters with a Financially Motivated Threat Actor
Web application vulnerabilities are like doorways: you never know who or what will walk through. Between December 2021 and July 2022, the...
Mar 24, 2023 · 1 min read


DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid De
WithSecure has revealed the latest details of the DUCKTAIL malware operation, which was previously described by Deep Instinct Threat Lab...
Mar 14, 2023 · 1 min read


Stealing the LIGHTSHOW — North Korea's UNC2970
In June 2022, Mandiant Managed Defense detected and responded to an UNC2970 phishing campaign targeting a U.S.-based technology company....
Mar 14, 2023 · 1 min read


Nevada Ransomware: Yet Another Nokoyawa Variant
Zscaler ThreatLabz has been tracking the Nokoyawa ransomware family and its predecessors including Karma and Nemty ransomware. The...
Mar 13, 2023 · 1 min read


Analysis of phishing activities delivered by AgentTesla using GuLoader
In recent years, the AgentTesla secret-stealing Trojan has continued to be active, and Antiy CERT has repeatedly monitored attacks...
Mar 2, 2023 · 1 min read


Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack
Trend Micro discovered a new backdoor which they have attributed to the advanced persistent threat actor known as Earth Kitsune, which...
Feb 21, 2023 · 1 min read


New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated cam
Cisco Talos Intelligence has observed a new threat that aims to steal or demand ransom payments in cryptocurrency, and has identified two...
Feb 15, 2023 · 1 min read


Investigating Intrusions From Intriguing Exploits
Summary On 02 February 2023, an alert triggered in a Huntress-protected environment. At first glance, the alert itself was fairly generic...
Feb 10, 2023 · 1 min read


#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
This CSA provides an overview of Democratic People’s Republic of Korea (DPRK) state-sponsored ransomware and updates the July 6, 2022,...
Feb 10, 2023 · 1 min read


Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
In this campaign, the suspected Russian threat actors use several highly obfuscated and under-development custom loaders in order to...
Feb 10, 2023 · 1 min read


SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest
Activity against targeted organisations and individuals in the UK and other areas of interest. The Russia-based SEABORGIUM (Callisto...
Jan 26, 2023 · 5 min read


Vice Society Ransomware Group Targets Manufacturing Companies
Highlights findings on Vice Society, which includes an end-to-end infection diagram that was created using internal telemetry....
Jan 26, 2023 · 1 min read


QakBot Malware Used Unpatched Vulnerability to Bypass Windows OS Security Feature
This research investigates a recent QakBot phishing campaign's ability to evade Mark-of-the-Web (MoTW) security features, allowing for...
Jan 18, 2023 · 1 min read


Emotet returns and deploys loaders
The Emotet malware appears to have come back after a four-month lull, according to a cybersecurity researcher and a French security...
Jan 10, 2023 · 1 min read


Fin7 Unveiled: A deep dive into notorious cybercrime gang
The highly active threat group FIN7 has been continuously broadening their cybercrime horizons and recently added ransomware to its...
Dec 24, 2022 · 1 min read


Mallox Ransomware showing signs of Increased Activity
“TargetCompany” is a type of ransomware that was first identified in June 2021. The researchers named it TargetCompany ransomware because...
Dec 13, 2022 · 1 min read


Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT
In November 2022, researchers intercepted a threat that incorporated an advanced remote access trojan (RAT) named the CHAOS Remote...
Dec 13, 2022 · 1 min read


DEV-0139 launches targeted attacks against the cryptocurrency industry
Microsoft Security Threat Intelligence is seeing more complex attacks wherein the threat actor shows great knowledge and preparation,...
Dec 7, 2022 · 1 min read


Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities
In November, FortiGuard Labs observed a unique botnet written in the Go language being distributed through IoT vulnerabilities. This...
Dec 7, 2022 · 1 min read


Vice Society: Profiling a Persistent Threat to the Education Sector
Vice Society is a ransomware gang that has been involved in high-profile activity against schools this year. Unlike many other ransomware...
Dec 6, 2022 · 1 min read