Iranian OilRig Group Strikes with AutoHotkey Keylogger and Malicious Macro
Threat Level: Attack Report. Summary: In a recent intrusion, a threat actor utilized AutoHotkey to launch a keylogger. The Iranian OilRig group is suspected to be the culprit behind this attack. The initial compromise was initiated …
A new botnet called the Medusa Botnet is emerging via Mirai Botnet targeting Linux users
Threat Level: Vulnerability Report. Summary: Mirai is a botnet that has been active since 2016 and exploits vulnerabilities in Linux-based networking devices like routers and IoT devices to gain control and perform malicious activities like DDoS …
A critical flaw in Cisco IOx Root Access Threat has been discovered
Threat Level: Vulnerability Report. Summary: Cisco has issued security patches to address a high-severity vulnerability (CVE-2023-20076) in the Cisco IOx application hosting environment that can be exploited to execute arbitrary commands as root on the underlying host …
Cyberattack on Medical and Energy Sector by Lazarus Group
Threat Level: Attack Report. Summary: A cyber-attack conducted by the North Korean state-sponsored Lazarus Group targeted public and private sector research organizations, the medical research and energy sector as well as their supply chain for intelligence benefit, …
Unveiling the Advanced Rust-based Nevada Ransomware
Threat Level: Attack Report. Summary: A new type of ransomware named “Nevada Ransomware” has been identified. The creators of this ransomware have established an affiliate program that was initially introduced in the RAMP underground community. This …
MalVirt: .NET Malware Loaders Spread through Malvertising Attacks
Threat Level: Attack Report. Summary: MalVirt is a cluster of virtualized .NET malware loaders that are distributed through malvertising attacks and use obfuscated virtualization and the Windows Process Explorer driver to evade anti-analysis and terminate processes. The …
Ice Breaker: a Looming Threat to the Gaming Industry
Threat Level: Attack Report. Summary: Online gaming and gambling companies have been targeted by hackers using previously unseen backdoors. The attacks are grouped together and referred to as “Ice Breaker.” The intrusions make use of smart social …
VectorStealer Malware steals Sensitive Information via RDP Hijacking and Phishing Attacks
Threat Level: Attack Report. Summary: VectorStealer is malware that steals .rdp files through phishing emails, can be generated for USD 63 in Bitcoin, exfiltrates stolen information through SMTP, Discord, or Telegram, and uses the KGB …
Headcrab malware is targeting Redis servers worldwide to mine Monero
Threat Level: Attack Report. Summary: HeadCrab is a new and severe malware that is infiltrating and residing on servers worldwide. It is a custom-made Redis-based malware that is undetectable by traditional anti-virus solutions and has compromised …
The Menace of TrickGate Packer-as-a-Service Spreading Malware Globally
Threat Level: Attack Report. Summary: TrickGate has bundled several of the most well-known, widely distributed malware families, including Trickbot, Maze, Emotet, REvil, CoinMiner, Cobalt Strike, Formbook, Remcos, AgentTesla, and many others. Initial access is mainly achieved through …