LockBit threat actors have been recently under the spotlight in the cyber domain. In July 2022, the hacking collective hit the headlines by introducing the first-ever bug bounty program launched by a ransomware gang. In the latest cyber-attacks, the notorious ransomware group applies Living-off-the-Land tools by abusing the legitimate Microsoft Defender’s command-line utility to deploy […]
Financially motivated criminal hackers leverage a new infostealer dubbed Ducktail to exfiltrate browser cookies and take over victims’ Facebook Business accounts. The evidence suggests that the adversaries behind the campaign are Vietnam-based, primarily targeting professionals working in HR, management, and marketing. The beginning of the active development of the Ducktail campaign can be traced back […]
On July 27, 2022, Microsoft cybersecurity researchers published a notice observing the recently revealed malicious activity of the European private-sector offensive actor (PSOA) tracked as KNOTWEED, which leverages a set of Windows and Adobe zero-day exploits, including the newly patched CVE-2022-22047 vulnerability. According to the research, threat actors launch targeted cyber-attacks against organizations in Europe […]
A new infostealer is getting traction after its source code was shared earlier this month on cybercrime forums. Researchers suggest that the malware developers took this step as a marketing ploy to build a reputation and increase future sales. The malware developer has also included instructions on how to edit this Rust-based stealer and compile […]
The APT37, aka Reaper, Ricochet Chollima, and ScarCruft, is a hacking group affiliated with North Korea. The hackers have been active since at least 2012, mostly targeting orgs in the public and private sectors in South Korea. Starting in 2017, the adversaries expanded their targeting, now seeking victims globally. The affected sectors include but are […]
In spring 2022, the notorious Russian nation-backed cyber espionage group Armageddon, also tracked as UAC-0010, launched a series of targeted phishing cyber-attacks against Ukrainian and European state bodies. On July 26, 2022, CERT-UA issued a series of new cybersecurity alerts warning the global cyber defender community of a wave of novel phishing campaigns by these […]
Information stealing attacks that leverage the phishing email attack vector against Ukrainian organizations are currently on the rise, such as the malicious campaign less than one week ago spreading AgentTesla spyware and targeting Ukrainian state bodies. On July 25, 2022, CERT-UA released a new heads-up warning the global cyber defender community of an ongoing email […]
Spyware dubbed DevilsTongue is causing a fair share of trouble for journalists and free speech advocates in the Middle East, especially those Lebanon-based. Adversaries exploit a Chrome zero-day assigned CVE-2022-2294 that Google patched earlier this month to achieve shellcode execution, elevate privileges, and gain file-system permissions on the breached device’s memory. Researchers discovered that the […]
Over the course of the past decade, we have field-tested the argument that manual threat detection processes can no longer keep up with the current security demands. It has already been adamantly established that an era of Everything as Code (EaC) is a new reality, and security teams seeking innovation are putting its novel approaches […]
Security experts have revealed a new variant of an information stealer and banking trojan known under the moniker QBot (aka QakBot, QuackBot, or Pinkslipbot). The trojan was first detected in the late 2000s, mostly used in financially motivated attacks aimed at stealing victims’ passwords. Its operators regularly resurface with new tricks up their sleeves, adopting […]