The Menace of TrickGate Packer-as-a-Service Spreading Malware Globally
Attack Report. For a detailed threat advisory, download the PDF. Summary: TrickGate is a packer-as-a-service that has been used to wrap many of the most widely distributed malware families, including Trickbot, Maze, Emotet, REvil, CoinMiner, Cobalt Strike, Formbook, Remcos, AgentTesla and many others. Initial access is mainly achieved through …
Uncovering the Threat of BlueBravo with GraphicalNeutrino and BEATDROP
Attack Report. Summary: GraphicalNeutrino and BEATDROP are malware used by the Russia-linked threat group BlueBravo in targeted attacks; both abuse legitimate Western web services for command-and-control traffic so that it blends in with normal activity and evades detection. …
Infection and Evolution of the GOOTLOADER Malware
Attack Report. Summary: GOOTLOADER infects victims through the download of a malicious archive, then executes JavaScript and PowerShell stages that deliver FONELAUNCH and Cobalt Strike BEACON or SNOWCONE. The latest variant writes its JavaScript to disk and creates a scheduled task for persistence. …
Proof-of-concept released for Windows CryptoAPI vulnerability
Attack Report. Summary: CVE-2022-34689 is a critical vulnerability in Windows CryptoAPI that Microsoft publicly disclosed in October 2022. The vulnerability allows an attacker to masquerade as a legitimate entity by exploiting the …
QNAP addresses a vulnerability in NAS devices
Vulnerability Report. Summary: QNAP has released updates to address an injection flaw in its network-attached storage (NAS) devices. The vulnerability enables a remote attacker to run arbitrary SQL queries …
Actors, Threats and Vulnerabilities 23 January 2023 – 29 January 2023
For a detailed threat digest, download the PDF. Summary: Hive Pro identified four actors that were active in the past week. The first two, APT40 and Tick, are well-known Chinese threat actors known for information …
Cyber Attack on Ukrainian National Information Agency
Attack Report. Summary: On 17 January 2023, the Ukrainian National Information Agency "Ukrinform" suffered a partially successful cyber attack. The Government Computer Emergency Response Team of Ukraine (CERT-UA) opened an investigation into the attack at …
New Ransomware Mimic Emerges in the Wild, Abusing Legitimate Tool for Faster Encryption
Attack Report. Summary: Mimic is a new ransomware family that abuses the search APIs of Everything, a legitimate Windows file-search tool, to locate target files quickly before encrypting them. It also has multiple supporting capabilities, such as deleting shadow copies and terminating multiple applications …
Similarities between hacktivist groups reveal Iranian connection
Actor Report. Summary: COBALT SAPLING is a threat group assessed to be Iranian in origin. It has been found to operate multiple hacktivist personas, including Moses Staff and Abraham's …
CRYPTBOT Information-Stealing Malware Targeting Your Browser and Crypto-Wallet
Attack Report. Summary: CRYPTBOT is an information stealer that harvests browser credentials, cookies, cryptocurrency wallet data and system information. It compresses the collected data into a zip archive and sends it to …