Tag: Malware

BlueAlpha Attack Detection: russia-affiliated Hacking Collective Abuses Cloudflare Tunnels to Distribute GammaDrop Malware
BlueAlpha Attack Detection: russia-affiliated Hacking Collective Abuses Cloudflare Tunnels to Distribute GammaDrop Malware

The russian state-sponsored threat actor BlueAlpha (aka Gamaredon, Hive0051, Shuckworm, UAC-0010, or Armageddon) has been orchestrating cyber-espionage campaigns against Ukraine since 2014. Following Russia’s full-scale invasion of Ukraine on February 24, 2022, these operations have intensified, showcasing evolving TTPs that are often tested in Ukraine before being deployed against a wider array of targets.  Recently, […]

Read More
RevC2 and Venom Loader Detection: New Malware Strains Massively Deployed via MaaS in a Sophisticated Campaign
RevC2 and Venom Loader Detection: New Malware Strains Massively Deployed via MaaS in a Sophisticated Campaign

New day, a new menace for cyber defenders. Recently, security researchers from ThreatLabz have uncovered two novel malicious strains adding to the 100 million count of those already identified in 2024. As per reports, the newly revealed RevC2 and Venom Loader have been making the rounds since the summer of 2024, leveraging Venom Spider’s Malware-as-a-Service […]

Read More
SmokeLoader Malware Detection: Notorious Loader Reemerges to Target Companies in Taiwan
SmokeLoader Malware Detection: Notorious Loader Reemerges to Target Companies in Taiwan

The nefarious SmokeLoader malware resurfaces in the cyber threat arena targeting Taiwanese companies in multiple industry sectors, including manufacturing, healthcare, and IT. Typically used as a downloader for deploying other malicious samples, in the latest attack campaign, SmokeLoader executes the attack directly by retrieving plugins from its C2 server. Detect SmokeLoader Malware Almost 100 million […]

Read More
HATVIBE and CHERRYSPY Malware Detection: Cyber-Espionage Campaign Conducted by TAG-110 aka UAC-0063 Targeting Organizations in Asia and Europe
HATVIBE and CHERRYSPY Malware Detection: Cyber-Espionage Campaign Conducted by TAG-110 aka UAC-0063 Targeting Organizations in Asia and Europe

For nearly three years since the full-scale war in Ukraine began, cyber defenders have reported a growing number of russia-aligned offensive operations targeting Ukrainian organizations to collect intelligence, with attacks increasingly expanding their geographical scope. The russia-backed hacking collective tracked as TAG-110 or UAC-0063 has been observed behind an ongoing cyber-espionage campaign against organizations in […]

Read More
BlackSuit Ransomware Detection: Ignoble Scorpius Escalates Attacks, Targets 90+ Organizations Worldwide
BlackSuit Ransomware Detection: Ignoble Scorpius Escalates Attacks, Targets 90+ Organizations Worldwide

Emerging last year as the successor to Royal ransomware, BlackSuit has quickly evolved into a highly sophisticated malicious spinoff, aggressively targeting organizations worldwide. Security researchers have recently observed a significant surge in activity by the Ignoble Scorpius group, the operator behind BlackSuit, with over 90 organizations falling victim to their relentless intrusions. Detect BlackSuit Ransomware […]

Read More
BianLian Ransomware Detection: AA23-136A Joint Cybersecurity Advisory Details on TTPs Leveraged by BianLian Operators in the Ongoing Malicious Campaigns
BianLian Ransomware Detection: AA23-136A Joint Cybersecurity Advisory Details on TTPs Leveraged by BianLian Operators in the Ongoing Malicious Campaigns

Following a wave of cyber attacks by the Iran-linked hacking collective tracked as Pioneer Kitten, the FBI, CISA, and authoring partners issue a new alert notifying defenders of a growing threat posed by BianLian Ransomware Group, which primarily targets critical infrastructure organizations in the U.S. and Australia. Detect BianLian Ransomware According to the State of […]

Read More
Fickle Stealer Malware Detection: New Rust-Based Stealer Disguises as Legitimate Software to Steal Data from Compromised Devices
Fickle Stealer Malware Detection: New Rust-Based Stealer Disguises as Legitimate Software to Steal Data from Compromised Devices

A new Rust-based stealer malware dubbed Fickle Stealer has come to the scene, capable of extracting sensitive data from compromised users. The new stealer masquerades itself as GitHub Desktop software for Windows and employs a wide range of anti-malware and detection evasion techniques, posing a growing threat to its potential victims. Detect Fickle Stealer Malware […]

Read More
PXA Stealer Detection: Vietnamese Hackers Hit the Public and Education Sectors in Europe and Asia
PXA Stealer Detection: Vietnamese Hackers Hit the Public and Education Sectors in Europe and Asia

Hot on the heels of the recent wave of cyber-attacks leveraging a highly evasive Strela Stealer in Central and Southwestern Europe, a new infostealer comes into the spotlight targeting sensitive data within the government and education sectors across Europe and Asia. Defenders have observed an ongoing info-stealing campaign attributed to Vietnamese-speaking adversaries who leverage a […]

Read More
New Remcos RAT Activity Detection: Phishing Campaign Spreading a Novel Fileless Malware Variant
New Remcos RAT Activity Detection: Phishing Campaign Spreading a Novel Fileless Malware Variant

Cybersecurity researchers have identified an ongoing in-the-wild adversary campaign, which leverages a known RCE vulnerability in Microsoft Office tracked as CVE-2017-0199 exploited by a malicious Excel file used as a lure attachment in phishing emails. The phishing campaign is designed to distribute a new fileless version of the notorious Remcos RAT malware and take full […]

Read More
Stealthy Strela Stealer Detection: Info-Stealing Malware Resurfaces with Enhanced Capabilities to Target Central and Southwestern Europe
Stealthy Strela Stealer Detection: Info-Stealing Malware Resurfaces with Enhanced Capabilities to Target Central and Southwestern Europe

Security researchers have revealed a stealthy campaign targeting users in Central and Southwestern Europe with an email credential stealer. Dubbed Strela, this evasive malware is deployed via phishing emails, utilizing obfuscated JavaScript and WebDAV to circumvent conventional security measures. Since its emergence two years ago, Strela Stealer has significantly enhanced its malicious capabilities, allowing it […]

Read More