Fire Chili is a novel strain of malware that has been leveraged by a Chinese APT group Deep Panda exploiting Log4Shell vulnerability in VMware Horizon servers. The primary focus of adversaries is cyber espionage. Targeted organizations include financial institutions, academic, travel, and cosmetics industries. Log4Shell is associated with a high-severity CVE-2021-44228 vulnerability in the Log4j […]
A sudden surge in the activity of IcedID email hijacking was identified by security researchers. IcedID, a.k.a. BokBot has been operating since 2017. A gradual evolution has led this malware from being a regular banking trojan to a sophisticated payload that hijacks ongoing email conversations and injects malicious code through a network of compromised Microsoft […]
Purple Fox malware has been wreaking all sorts of havoc on personal computers since 2018, infecting more than 30,000 machines globally. The latest studies found that Purple Fox hackers continue improving their infrastructure and adding new backdoors. To expand the botnet scale, Purple Fox is spreading trojanized installers that masquerade as legitimate software packages. The […]
When spring comes, bugs bloom. A novel, highly severe flaw in the Spring Cloud Function came on the radar on March 29, 2022. An easy to exploit vulnerability affects the Spring Core module ā a framework used in Java applications, and requires JDK9+. If exploited, this Spring Core vulnerability enables hackers to execute remote code […]
Researchers warn about a new cyber espionage campaign by notorious Mustang Panda APT group that has been ongoing since at least August 2021. A previously undisclosed variation of Korplug (also known as PlugX) remote access tool (RAT) has been targeting primarily Ukrainian organizations and European diplomatic missions. The new malware strain was named Hodur referencing […]
A new unusual malware delivery method has been observed since February 2022. The newest research shows evidence of a resurgence of a Vidar information stealer that has been operating since at least 2018. The latest Vidar campaign is plainly straightforward except for one special trick. This time, threat actors tend to hide their payload within […]
The Muhstik botnet has been around since 2018, continuously expanding the map of its victims, hitting new services and platforms, and diversifying its range of attacks, including coin mining activities, staging DDoS attacks, or exploiting the infamous vulnerabilities in the Log4j Java library. This time, the notorious malware gang has been actively exploiting a Lua […]
A new burst of Iranian state-sponsored APT35 attacks has been observed by researchers over the past few months. A new study shows that APT35 (a.k.a. TA453, COBALT ILLUSION, Charming Kitten, ITG18, Phosphorus, Newscaster) has been increasingly exploiting Microsoft Exchange ProxyShell vulnerabilities for initial access and leveraging quite a bunch of different attack vectors once they […]
The most recent hacking campaign by North Korean APT Kimsuky was launched in late January 2022 and is still ongoing. This time, Kimsuky hackers are armed with commodity open-source remote access tools (RATs) installed with the tailored malware Gold Dragon. Detect Gold Dragon Backdoor To identify that your system was compromised with the Gold Dragon […]
A new targeted malware has been observed attacking government and construction entities in France. Proofpoint conducted extensive research of the malware dubbed Serpent.Ā Serpent Backdoor analysis showed that adversaries have been using quite a few unusual behaviors that have never been detected before. This calls for crafting new detection content that captures specifically those new […]