News

Changes in Emotet Behaviour in Ongoing Spam Campaigns

Delaware, USA – September 20, 2019 – The triumphant return of the Emotet botnet with a new campaign this week made a lot of noise, and in addition to the scale of the campaign, researchers noted significant changes in both the botnet’s infrastructure and the infection methods. The campaign started on Monday; cybercriminals attacked users from […]

Smominru Botnet Rises Again

Delaware, USA – September 19, 2019 – The growth of the Monero cryptocurrency price provokes the return of major players to the race for other people’s computing power. Guardicore Labs uncovered a winning streak of the infamous Smominru botnet, which is infecting about 4.7k systems per day. The botnet appeared in May 2017 and mainly used the EternalBlue exploit to […]

TortoiseShell Group Compromises IT Providers in the Middle East

Delaware, USA – September 18, 2019 – Another young hacking group is compromising IT providers in the Middle East to prepare supply chain attacks. Symantec’s researchers have revealed the activity of the group, which they called Tortoiseshell and which has been operating since last July. During this time, attackers compromised at least 11 IT providers; most of their targets are […]

Emotet Botnet Starts Spam Campaign Targeting the US and European Countries

Delaware, USA – September 17, 2019 – It took Emotet operators nearly a month to finally bring their monster back to life, remove bots of security firms from the infrastructure, and prepare a new spam campaign. Starting Monday morning, September 16, malicious emails began to appear in the United States, the United Kingdom, Italy, Germany, […]

Entercom Radio Suffers Ransomware Attack

Delaware, USA – September 16, 2019 – The second-largest radio company in the United States became another victim of a ransomware attack; adversaries demand half a million dollars for the decryptor. The incident occurred about a week ago, but Entercom Communications Corporation did not disclose the details of the attack. During the attack, all company […]

Ryuk Related Infostealer Exfiltrates Files via FTP

Delaware, USA – September 13, 2019 – The new infostealer exfiltrates documents containing keywords in the file name and has a number of similarities with Ryuk ransomware. This week, MalwareHunterTeam discovered an interesting sample that searches an infected system for financial and military-related Word and Excel files and then sends them to the attackers’ […]

SOC Prime at Motiv SOC Experience Day

Delaware, USA – September 12, 2019 – The SOC Prime team will join Motiv ICT Security on October 1, 2019 for the first SOC Experience Day. The event gathers security experts and leaders to network and discuss a practical approach to how to Predict, Prevent, Detect and Respond to cyber attacks. SOC Experience Day will be held […]

PsiXBot Malware Adopts Google DNS over HTTPS

Delaware, USA – September 11, 2019 – As Google and Mozilla bring the DNS over HTTPS protocol into widespread use, more malware authors are also adopting this perfect opportunity to hide malicious traffic. Proofpoint researchers discovered that in mid-August PsiXBot started to abuse Google’s DoH service to retrieve the IPs for the command-and-control infrastructure. The […]

StealthFalcon Backdoor Communicates with C&C Servers Using Windows BITS

Delaware, USA – September 10, 2019 – The state-sponsored group Stealth Falcon is known for targeted attacks on journalists and political activists with sophisticated malware. The group has been active since 2012, and researchers associate its activities with the Project Raven campaign conducted by former NSA employees. ESET discovered another tool of the group that has been […]

Lilocked Ransomware Attacks Linux Servers

Delaware, USA – September 9, 2019 – Lilocked ransomware appeared on the radars of researchers a month and a half ago; in early August the number of attacks began to grow, and since then more than 6,000 servers have been infected. It is not known for certain how the infection process occurs, but adversaries get […]