Month: January 2024
DarkGate malware delivered via Microsoft Teams – detection and response
While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion [more…]
Python’s Byte: The Rise of Scripted Ransomware
The digital world that we live in has always been facing different types of cyber attacks. Of late, there has been a spurt in ransomware [more…]
CrackedCantil: A Malware Symphony Breakdown
The author (of this article, not the malware), Lena (aka LambdaMamba) has decided to name this type of malware the “CrackedCantil”. The “Cracked” part comes [more…]
Compromised routers are still leveraged as malicious infrastructure to target government organizations in Europe and Caucasus
On 2023-12-28, the Ukrainian government computer emergency and incident response team (CERT-UA) described a malicious espionage campaign that targeted government organizations in Ukraine. CERT-UA attributed [more…]
Security Brief: ‘Tis the Season for Tax Hax
What happened: Proofpoint researchers recently identified the return of TA576, a cybercriminal threat actor that uses tax-themed lures specifically targeting accounting and finance organizations. This [more…]
KrustyLoader – Rust malware linked to Ivanti ConnectSecure compromises
On 10th January 2024, Ivanti disclosed two zero-day critical vulnerabilities affecting Connect Secure VPN products, CVE-2024-21887 and CVE-2023-46805, allowing unauthenticated remote code execution. Volexity and [more…]
CSIRT-CTI – Stately Taurus Targets Myanmar Amidst Concerns over Military Junta’s Handling of Rebel Attacks
As these developments unfold, CSIRT-CTI has identified two campaigns exhibiting strong indications of being connected to Stately Taurus (alias Bronze President, Camaro Dragon, Earth Preta, [more…]
Analysis of FalseFont Backdoor used by Peach-Sandstorm Threat Actor
In this article, we will explore the FalseFont Backdoor used by Peach Sandstorm APT to target defense contractors worldwide. The backdoor was initially identified and [more…]
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
This intrusion began when a threat actor gained access to an exposed RDP host. Notably, the login utilized legitimate credentials for the default Administrator account, [more…]
ITG11 Threat Group Profile
Since at least 2008, ITG11 has primarily targeted political, government, and military entities, likely to assist in Russian espionage against strategic rivals. To conduct long-term [more…]