Talos IR trends Q3 2024: Identity-based operations loom large
Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance - read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions.
Threat Spotlight: WarmCookie/BadSpace
WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.
Akira ransomware continues to evolve
As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.
Writing a BugSleep C2 server and detecting its traffic with Snort
This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort.
How LLMs could help defenders write better and faster detection
Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content? Read the full research
Highlighting TA866/Asylum Ambuscade Activity Since 2021
TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.
What I’ve learned in my first 7-ish years in cybersecurity
Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities