In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavior and will provide investigation guidance.
The attack was the first in five years to use Sandworm's Industroyer malware.
We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses. Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]
The prolific China APT41 hacking group, known for carrying out espionage in parallel with financially motivated operations, has compromised multiple U.S. state government networks, according to cybersecurity giant Mandiant. The group — seemingly undeterred by U.S. indictments against five APT41 members in 2020 — conducted a months-long campaign during which it targeted and successfully breached […]
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows.
This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.
La société confirme des informations indiquant que ses développeurs ont été confrontés à deux jours de pannes.
Meanwhile, the hackers behind the breach are now releasing some of the stolen files on the web.
Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable.
È stato rilevato delle agenzie di sicurezza informatica di Stati Uniti e Regno Unito: anche se non è ancora chiaro a che scopo sia stato utilizzato, i recenti attacchi in Ucraina spingono gli esperti a rimanere vigili
The TrickBot malware operation has shut down after its core developers move to the Conti ransomware gang to focus development on the stealthy BazarBackdoor and Anchor malware families.
A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.
Two cybersecurity firms with a strong business presence in Ukraine—ESET and Broadcom’s Symantec—have reported tonight that computer networks in the country have been hit with a new data-wiping attack.
The attack is taking place as Russian military troops have crossed the border and invaded Ukraine’s territory in what Russian President Putin has described as a “peacekeeping” mission.
The year's 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems.
As early as Dec. 21, 2021, Unit 42 observed a new infection method for the highly prevalent malware family Emotet. Emotet is high-volume malware that often changes and modifies its attack patterns. This latest modification of the Emotet attack follows suit.
CrowdStrike has observed that malware targeting Linux-based systems increased by 35% in 2021. XorDDoS, Mirai and Mozi were the most common malware families.
I ricercatori di Proofpoint hanno rilevato TA2541, un attore di minaccia persistente che da anni prende di mira i settori di aviazione, industria
Intel471 released a report[1] on a loader system being leveraged for distribution of various crimeware malware families: The report mentioned an administrator panel located on the main command and…
A full technical breakdown of a prolific pay-per-install service.
