Recherche : [cluster25]

CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations https://blog.cluster25.duskrise.com/2023/10/12/cve-2023-38831-russian-attack

21/10/2023 13:18:42

Cluster25 analyzed an attack by APT28/FancyBear exploiting the WinRAR vulnerability CVE-2023-38831

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy https://blog.cluster25.duskrise.com/2022/12/22/an-infostealer-comes-to-town

23/12/2022 22:35:26

Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to spread an InfoStealer malware written in .NET through an infection chain that involves Windows Shortcut (LNK) files and Batch Scripts (BAT). Taking into account the used TTPs and extracted evidence, the attacks seem perpetrated by the same adversary (internally named AUI001).

In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/

26/09/2022 11:08:02

Analysis of APT28/Fancy Bear PowerPoint mouse-over campaign

Liens par page

Filtres