BlackBerry is tracking a new campaign that delivers Trojanized MSI files that utilize DLL sideloading to execute LegionLoader, a malicious program typically used to distribute multiple infostealers on the victim’s system.

APT group Mustang Panda now appears to have Europe and Asia Pacific targets in its sights. The BlackBerry Research and Intelligence team recently unearthed evidence that the group may be using global interest in the Russian-Ukraine war to deliver PlugX malware via phishing lure to unsuspecting users.

Threat actor RomCom RAT is now targeting Ukrainian military institutions. Known to deploy spoofed versions of popular software Advanced IP Scanner, once exposed, RomCom RAT switched to PDF Filler, another popular application, which indicates the group behind it is actively developing new capabilities.

BianLian is a financially motivated threat actor that targets a wide range of industries. It uses the exotic programming language “Go” to encrypt files with unusual speed.

While working a recent ransomware incident, BlackBerry identified a group whose name and TTPs mimicked the long-standing, popular ransomware crew Conti. Furthermore, the encryptor payload used in the attack was taken from the original group and modified for use with this new group. Who was this doppelganger?