Phobos Ransomware represents the relatively new ransomware family based on Dharma (CrySis) that has been notorious since 2016. The first traces of Phobos were spotted less than two years ago, at the turn of 2019. SOC Prime Threat Detection Marketplace, the world’s largest platform for SOC content, offers Phobos ransomware detection scenarios among its library […]
Another Ransomware as a Service platform is preparing to play a high-stakes game with organizations. Researchers at Sentinel Labs discovered the first attacks using the FONIX platform about three months ago. Now, this RaaS platform is still under active development, but their first customers are already trying their capabilities. So far, FONIX is quite inconvenient […]
Last week, researchers at Zscaler ThreatLabZ released a report on a massive campaign targeting the supply chain and government sectors in the Middle East. Cybercriminals sent phishing emails pretended to be from Abu Dhabi National Oil Company (ADNOC) employees that infected targets with the AZORult Trojan. Campaign Targeted at organizations in the Middle East The […]
Aruba Networks, the subsidiary of Hewlett Packard Enterprise, has released a Security Advisory on recently discovered multiple vulnerabilities in their product leveraged by enterprise clients worldwide. In this article, we will cover the details of the most severe of the reported Remote Command Execution vulnerability in Aruba ClearPass (CVE-2020-7115) with CVSS 8.1, and content to […]
Dridex malware has been attacking banks and financial institutions for almost a decade. In 2019, the US Department of Justice brought charges against Russian nationals who stood behind the creation of the Dridex malware and were leading criminal activities that delivered them about $100 million. Even back in 2015, Dridex was responsible for roughly $30.5 […]
Today we would like to draw your attention to a relatively recent threat and content for its detection. Smaug Ransomware-as-a-Service appeared on researchers’ radars at the end of April 2020, attackers look for affiliates exclusively on Russian-language Dark Web forums and offer using their platform for a fairly large initial payment and 20% of further […]
Infostealers occupy a special place among malware, since, with their simplicity, they very effectively cope with their primary tasks: to collect all potentially valuable information in the system, exfiltrate it to the command-and-control server, and then delete themselves and traces of their activities. They are used by both beginners and advanced threat actors, and there are […]
The Evilnum group operations were first discovered in 2018. The group is highly focused on attacks on large financial technology organizations, especially on investment platforms and cryptocurrency-related companies. Most of their targets are located in Europe and the United Kingdom, but the group also carried out separate attacks on organizations in Canada and Australia. Researchers […]
The use of COVID19 related lures is already perceived as common practice among both financially motivated groups and state-sponsored cyber espionage units. Researchers released a report last week about another group that has been using COVID19 themed phishing emails for six months to deliver their new tool. Yes, we are talking about the Chinese APT […]
Nanocore RAT has been used in cyberattacks for about 7 years, and there are a huge number of modifications of this trojan. Official, “semi-official” and cracked versions of this malware are sold on forums on the DarkNet, and sometimes even given away for free, so it is not surprising that the number of attacks using […]