Gangs Target Big Businesses in the U.S., Europe, and Asia
The Brute Ratel pentesting tool with remote access features has been added to the…
Cobalt Strike
Home office routers are being used by the malware ZuoRAT to spy on specific networks
Small office/home office (SOHO) routers have been singled out by a previously unknown remote access trojan known as ZuoRAT as part of a sophisticated…
Avos ransomware organisation increases its attack capabilities
We recently observed a month-long AvosLocker campaign during a client engagement. Cobalt Strike, Sliver, and various commercial network scanners were among the tools used…
QBot is now distributing Black Basta ransomware in bot-powered attacks
To spread laterally through compromised corporate environments, the Black Basta ransomware gang has collaborated with the QBot malware operation. QBot (QakBot) is a Windows…
A fresh perspective on “fileless” malware: Event logs carrying harmful code
Security researchers have discovered a malicious campaign that stores malware in Windows event logs, a technique that has never been publicly described for attacks…
Chinese hacker group Mustang Panda executing espionage attacks
Mustang Panda, a China-based threat actor, has been improving and adding tools to attack firms located in Asia, the European Union, Russia, and the…
BazarLoader stung by Bumblebee
Proofpoint has identified a new malware loader known as Bumblebee. At least three different threat clusters tied to ransomware operations employ the loader. More…
The Qbot malware has switched to a new infection vector: Windows Installer
Phishing emails with password-protected ZIP archive attachments containing malicious MSI Windows Installer packages are now being used by the Qbot botnet to spread malware…
Hive’s new detection-evading technique is IPfuscation
The Hive ransomware group has adopted a new obfuscation technique to evade detection. The technique involves IPv4 addresses and a series of conversions leading…
VMware Horizon servers continue to be exploited through the Log4j vulnerability
Attackers continue to target VMware Horizon servers, which many organizations use to give remote workers secure access to enterprise apps. Attackers are exploiting the critical…