Defenders have been observing a DarkGate malware campaign in which adversaries have taken advantage of Microsoft Excel files to spread malicious samples from publicly accessible SMB file shares. DarkGate represents a highly adaptable malicious strain, potentially stepping into the gap left by the dismantling of the notorious QakBot in late summer 2023. Detect DarkGate Malware […]
Since early spring 2024, the notorious North Korea-linked hacking collective tracked as Kimsuky APT has been launching a targeted campaign against South Korean academic institutions. Defenders have also unveiled the group’s offensive operations, which actively target Japanese organizations. The ongoing adversary campaign relies on a phishing attack vector, with hackers leveraging targeted emails that disguise […]
The latest advisory issued by law enforcement agencies within Australia, the U.S., Canada, Germany, the U.K., New Zealand, South Korea, and Japan, warns of the growing threat posed by APT40 operated on behalf of Beijing’s Ministry of State Security (MSS). Specifically, the advisory details the activities of the People’s Republic of China state-sponsored group able […]
The nefarious North Korea-linked threat actor known as Kimsuky APT group uses a novel malicious Google Chrome extension dubbed “TRANSLATEXT” for cyber espionage to illicitly collect sensitive user data. The observed ongoing campaign, which started in the early spring of 2024, is primarily targeting South Korean academic institutions. Detect Kimsuky Campaign Leveraging TRANSLATEXT Seeing the […]
The cyber threat landscape in June is heating up, largely due to the disclosure of new vulnerabilities, such as CVE-2024-4577 and CVE-2024-29849. Researchers have identified a novel critical improper authentication vulnerability in Progress MOVEit Transfer tracked as CVE-2024-5806, which has already been under active exploitation in the wild a couple of hours after its discovery. […]
Cybersecurity researchers discovered a new code execution technique that employs specially crafted MSC files and a Windows XSS flaw. The newly uncovered infection technique, dubbed GrimResource, allows attackers to perform code execution in the Microsoft Management Console (MMC). Defenders discovered a sample using GrimResource that was recently uploaded to VirusTotal in early June 2024, indicating […]
At least for two decades, we have been witnessing relentless changes in the threat landscape towards growth and sophistication, with both rough actors and state-sponsored collectives devising sophisticated offensive campaings against organizations globally. In 2024, adversaries, on average, proceed with 11,5 attacks per minute. Simultaneously, it takes 277 days for SecOps teams to detect and […]
The China-linked cyber-espionage group Velvet Ant has been infiltrating F5 BIG-IP devices for about three years, using them as internal C2 servers, deploying malware, and gaining persistence to smartly evade detection and steal sensitive data. Detect Velvet Ant Attacks In Q1 2024, APT groups from various regions, including China, North Korea, Iran, and Russia, demonstrated […]
How Crowdsourcing Shapes Future Cyber Defense Strategies Crowdsourcing is one of the key pillars for building advanced cyber defense capable of addressing the new challenges of the modern threat landscape. With over 30K new vulnerabilities being discovered solely in 2023 and cyber attacks occurring every minute, standalone teams can hardly cope with the avalanche of […]
The TellYouThePass ransomware operators have been spotted behind a novel adversary campaign leveraging the PHP-CGI vulnerability tracked as CVE-2024-4577. Adversaries weaponize the flaw to upload web shells and distribute TellYouThePass ransomware on compromised instances. Detect TellYouThePass Ransomware Campaign In light of the newly uncovered PHP-CGI bug being swiftly weaponized for in-the-wild attacks, facilitating the distribution […]