SideCopy APT Launches Phishing Campaign Against Indian Government
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The new malicious activity of the SideCopy threat actors is the attack campaign STEPPY#KAVACH, which was notably active in 2021 and was originally related to Pakistan. The most recent malicious attack …
Campaigns Spread InfoStealer Malware Targeting Italy, Germany, and Turkey
Threat Level Attack Report Summary A number of campaigns have been launched that spread InfoStealer malware written in the .NET programming language using phishing emails and Windows Shortcut (LNK) files and Batch Scripts (BAT). Based on …
GuLoader’s Advanced Anti-Analysis Techniques
Threat Level Attack Report Summary GuLoader is an advanced malware downloader that uses polymorphic shellcode to bypass traditional security solutions. In GuLoader, all embedded DJB2 hash values are mapped against every API used by the malware. …
Vice Society gang switches to new custom ransomware
Threat Level Attack Report Summary Vice Society is a well-established ransomware group that has successfully targeted a range of enterprises. They aim to maximize their financial gain by using the standard double extortion strategy. In recent …
Microsoft Rolled Out SPNEGO NEGOEX Critical Vulnerability
Threat Level Vulnerability Report Summary Microsoft updated the severity level of the CVE-2022-37958 vulnerability from high to critical after discovering that threat actors can use the vulnerability to execute code remotely. …
Ekipa RAT A High-Priced and Evolving Threat for Targeted Attacks
Threat Level Attack Report Summary Ekipa is a remote access trojan (RAT) that is used for targeted attacks and can be purchased on underground forums for a high price of $3,900. It primarily spreads and operates through …
Nokoyawa 2.0 A Reworked Rust-Based Ransomware
Threat Level Attack Report Summary Nokoyawa is a 64-bit Windows-based ransomware family that first appeared in early February 2022. The threat group behind Nokoyawa conducts double-extortion ransomware attacks, first stealing data from companies, then encrypting files, …
Two Zero-day Supply Chain Attacks Found in the Python Package Index
Threat Level Attack Report Summary A zero-day supply chain attack called “aioconsol” was discovered on December 9, 2022 in a Python package published on the Python Package Index (PyPI) on December 6, 2022. All three versions …
Gamaredon APT cyber feud strikes Ukrainian entities
Threat Level Attack Report Summary One of the most ubiquitous, intrusive, consistently active, and laser-focused APTs targeting Ukraine in cyberspace is the Gamaredon group, also known as the Shuckworm. Gamaredon Group has employed fast flux DNS …
New Exploit Method that Bypasses ProxyNotShell Mitigations
Threat Level Attack Report Summary A new exploit method has been found in the mitigations of the Microsoft Exchange vulnerability ProxyNotShell URL rewrite that allows for remote code execution (RCE) on compromised servers through Outlook Web …