SEO poisoning is gaining momentum as threat actors leverage malicious ads to deliver malware through web browser searches.

We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses. The sample was first uploaded to VT on November 23, 2022 and tagged by the VT community as a possible variant of the Pandora Ransomware. The assumed connection to the Pandora Ransomware was due to some similarities between the CatB and Pandora ransom notes. However, the similarities pretty much end there. The CatB ransomware implements several anti-VM techniques to verify execution on a “real machine”, followed by a malicious DLL drop and DLL hijacking to evade detection.

For 2nd time in 4 years, Amazon loses control of its IP space in BGP hijacking.

Domain shadowing is a special case of DNS hijacking where attackers stealthily create malicious subdomains under compromised domain names.

The Lyceum APT group is targeting Middle East organizations with DNS hijacking attack using a new .NET-based malware.