Summary: The Konni campaign has resurfaced in a new phishing attack employing a Russian-language Microsoft Word document to distribute malware. The malicious software aims to harvest sensitive information from compromised Windows hosts. Threat Level – Red | Attack Report For a detailed threat advisory, download the …

Summary: The macOS information-stealing malware known as Atomic, or AMOS, is currently being delivered to targets through a deceptive web browser update chain known as ClearFake. ClearFake is a recent malware campaign that exploits compromised websites to distribute fake browser updates. Threat Level – Amber …

Summary: DarkGate, a formidable Remote Access Trojan (RAT), functions as a Malware-as-a-Service (MaaS) and is masterminded by the elusive RastaFarEye within the underground cybercrime landscape. The latest iteration, DarkGate 5.0.19, advances upon its predecessors with sophisticated evasion techniques and a comprehensive toolkit for credential theft, …

Summary: Mustang Panda, a threat actor associated with China, has been implicated in a cyber attack targeting a government entity in the Philippines. The attackers employed a strategy of using legitimate software, such as Solid PDF Creator and SmadavProtect (an antivirus solution based in Indonesia), …

Summary: SideWinder, also known as Razor Tiger, commenced its offensive operations in 2012 and has recently shifted its focus to targeting Bhutan. It employs deceptive content, ultimately executing the Nim Backdoor. The decoy content utilized in the sample is directly sourced from announcements published on …

Summary: Threat actors exploit NetSupport Manager into a Remote Access Trojan (RAT), leading to a recent surge in infections across multiple sectors. The evolving attack chain involves deceptive website downloads, JavaScript payloads, and PowerShell commands, emphasizing the need for vigilant detection and response measures. Threat …

Summary: The Kinsing malware operator is actively taking advantage of the critical vulnerability CVE-2023-46604 in Apache ActiveMQ, an open-source message broker. The vulnerability allows remote code execution, facilitating deployment of Kinsing malware   ( aka h2miner), which functions as a cryptocurrency miner. Threat Level – Red …

Summary: Russian cyber espionage group Gamaredon (aka Primitive Bear) has been observed utilizing a USB-propagating worm known as LitterDrifter in attacks targeting Ukrainian entities. This group has recently adopted LitterDrifter, a worm written in VBS, designed to spread through removable USB drives and establish a …

Summary:  A cybercriminal group, Scattered Spider, known for targeting commercial facilities, highlighting their evolving tactics, social engineering expertise, phishing, and SIM swap attacks, evolving techniques like file encryption post-exfiltration to maintain persistence and adapt to security measures. Threat Level – RED | Attack Report For …