Tag: Detection Content

Dark Halo APT Stands Behind SolarWinds Hack, Malwarebytes Breach

A new sophisticated APT group, dubbed Dark Halo (UNC2452, SolarStrom), has recently emerged in the cyber-security arena, gathering top press headlines over the last few months. Researchers believe this advanced actor might stand behind the historic SolarWinds hack as well as the attack against the security vendor Malwarebytes. Who is Dark Halo? Security experts from Volexity estimate […]

Oski Info Stealer Empties Crypto Wallets, Extracts Browser Data

Data-theft malware continues to ride a wave of popularity among financially motivated hackers. Increased interest boosts the development of new sophisticated strains promoted on the underground market. Naturally, the cheapest offerings that are still fully functional grab attention first. This is where the Oski stealer comes into the spotlight as highly dangerous and relatively low-priced malware. Oski Stealer […]

Affiliates vs Hunters: Fighting the DarkSide

Introduction In August 2020 a new type of malware, belonging to the ransomware category, appeared in the cyber threat landscape. The threat actor responsible for its development called it “DarkSide” and, like other pieces of malware of this type, it is operated in Big Game Hunting (BGH) campaigns. Around more or less the same time, a DLS […]

New Raindrop Malware Connected to SolarWinds Breach

The in-depth inspection of the SolarWinds breach revealed a fourth piece of malicious software connected to this historic incident. According to infosec experts, the new threat, dubbed Raindrop, is a Cobalt Strike downloader. It was applied in the post-compromise phase of the attack to enhance lateral movement across a select number of targeted networks. Raindrop […]

Windows Finger Command Misused to Deliver MineBridge Backdoor

Threat actors constantly search for new ways to circumvent Windows security restrictions and drop malware onto the targeted network. Native Windows executables, known as LoLBins, are frequently misused for this purpose. Recently, the Windows Finger command was added to this list after hackers abused it for MineBridge backdoor delivery. Windows Finger Misused for Malware […]

TA551 Hackers Spread IcedID Trojan in a New Wave of Malspam Campaign

Starting from July 2020, security researchers have observed notable changes to the TA551 (aka Shathak) malspam routine. The threat actors behind the TA551 campaign have switched from Ursnif and Valak distribution to IcedID banking Trojan infections. TA551 Overview TA551 is a long-running malspam campaign that emerged in February 2019. Initially, it was focused on delivering Ursnif […]

Warzone RAT Malware Used by Confucius APT in Targeted Attacks

Security researchers have spotted an ongoing Confucius APT campaign that leverages Warzone RAT malware to compromise its targets. The campaign is presumably aimed at the governmental sector of China and other South Asian countries. Warzone RAT Description Warzone remote access Trojan (RAT), a prolific successor of the AveMaria stealer, first emerged in 2018 as a malware-as-a-service […]

Unpatched NTFS Zero-Day in Windows 10 Damages Hard Drive with a Single File View

The information security analyst Jonas L has discovered an alarming bug in Windows 10 that might corrupt any hard drive (HD) formatted with NTFS. The zero-day flaw remains unpatched despite the researcher having pointed it out since autumn 2020. NTFS Vulnerability Analysis The NTFS zero-day vulnerability exists in Windows 10 build 1803, […]

New QRAT Variant Distributed via Trump-themed Spam Campaign

Cyber-criminals constantly take advantage of the “hottest” media topics to lure victims and infect them with malware. This time, hackers decided to profit from the increased attention to the last US presidential election and launched a Donald Trump-themed spam campaign. The final goal of this operation is to distribute the latest QRAT Trojan malware variant, […]

DoppelPaymer Ransomware Detection

DoppelPaymer ransomware is gaining momentum as a leading threat to critical infrastructure assets. According to the FBI warning released in December 2020, DoppelPaymer has targeted multiple organizations in the healthcare, educational, governmental and other sectors. The attack routine is highly sophisticated and aggressive, allowing its operators to extort six- and seven-figure ransoms from their victims. Notably, […]
