
The Cyber Security Blog
Cyber Attacks, Malware, CVEs and more.


Roasting 0ktapus: The phishing campaign going after Okta identity credentials
For many years, cybercriminals have used social engineering and phishing attacks to trick unsuspecting victims into providing their...
Sep 6, 2022 - 1 min read


BleachGap ransomware revamped
BleachGap ransomware was first reported in Feb 2021 by a researcher named Petrovic on Twitter. This ransomware variant that K7 Security...
Sep 6, 2022 - 1 min read


QBOT Malware Analysis
QBOT, also known as QAKBOT, is a modular Trojan active since 2007 used to download and run binaries on a target machine. QBOT is a...
Sep 6, 2022 - 1 min read


A Tale of PivNoxy and Chinoxy Puppeteer
Recently, a simple and short email with a suspicious RTF attachment that had been sent to a telecommunications agency in South Asia...
Sep 6, 2022 - 1 min read


Kimsuky’s GoldDragon cluster and its C2 operations
Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting...
Sep 6, 2022 - 1 min read


Bumblebee Loader - The High Road to Enterprise Domain Control
Cybereason GSOC team analysts have analyzed a case that involved a Bumblebee Loader infection. Following this introduction, we describe...
Aug 24, 2022 - 1 min read


Monster Libra (TA551/Shathak) infects with IcedID (Bokbot) and pushes Cobalt Strike & DarkVNC
SANS has analyzed an IcedID (Bokbot) infection based on Monster Libra (also known as TA551 or Shathak). REFERENCE:...
Aug 24, 2022 - 1 min read


APT41 World Tour 2021 on a tight schedule
In March 2022 one of the oldest state-sponsored hacker groups, APT41, breached government networks in six US states, including by...
Aug 24, 2022 - 2 min read


New Iranian APT data extraction tool
In December 2021, TAG discovered a novel Charming Kitten tool, named HYPERSCRAPE, used to steal user data from Gmail, Yahoo!, and...
Aug 24, 2022 - 1 min read


DarkTortilla Malware Analysis
DarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It...
Aug 23, 2022 - 1 min read


XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python
Threat actors behind the XCSSET malware have been relatively quiet since last year. However, new activity beginning around April 2022 and...
Aug 23, 2022 - 1 min read


Grandoreiro Banking Trojan with New TTPs
Recently Zscaler ThreatLabz observed a Grandoreiro campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain...
Aug 23, 2022 - 1 min read


Back in Black: Unlocking a LockBit 3.0 Ransomware Attack
LockBit 3.0, aka “LockBit Black”, first noted in June of this year, has coincided with a large increase of victims being published to the LockBit...
Aug 23, 2022 - 1 min read


Brazil malspam pushes Astaroth (Guildma) malware
Today's diary is a quick post of an Astaroth (Guildma) malware infection SANS generated on Friday 2022-08-19 from a malicious...
Aug 22, 2022 - 1 min read


JSSLoader: the shellcode edition
Security researchers observed a malspam campaign in late June attributed to the FIN7 APT group. One of the samples was also reported on...
Aug 19, 2022 - 1 min read


Reservations Requested: TA558 Targets Hospitality and Travel
Since 2018, security researchers have tracked a financially motivated cybercrime actor, TA558, targeting hospitality, travel, and related...
Aug 19, 2022 - 1 min read


Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors
Security researchers have been tracking UNC3890, a cluster of activity targeting Israeli shipping, government, energy and healthcare...
Aug 19, 2022 - 1 min read


Attackers Profiting from Proxyware
The ASEC analysis team recently discovered malware strains installing proxyware without the user’s permission. Users whose systems are...
Aug 19, 2022 - 1 min read


Threat in your browser: what dangers innocent-looking extensions hold for users
Malicious and unwanted add-ons are often distributed through official marketplaces. In 2020, Google removed 106 browser extensions from...
Aug 19, 2022 - 1 min read


RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Geo Humanitarian, Think Tank, etc
Over the past 3 years, Recorded Future has observed RedAlpha registering and weaponizing hundreds of domains spoofing organizations such...
Aug 19, 2022 - 1 min read
