Cisco Talos Blog


SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023.

June 21, 2024 08:00

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

The new remote access trojan (RAT) dubbed SpiceRAT was used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia.

June 18, 2024 07:57

How are attackers trying to bypass MFA?

Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their 'push-spray' MFA attacks

June 13, 2024 06:00

Operation Celestial Force employs mobile and desktop malware to target Indian entities

Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”

June 20, 2024 14:00

Tabletop exercises are headed to the next frontier: Space

More on the recent Snowflake breach, MFA bypass techniques and more.

June 18, 2024 08:00

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs.

June 13, 2024 14:00

How we can separate botnets from the malware operations that rely on them

A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group.

June 11, 2024 13:46

Only one critical issue disclosed as part of Microsoft Patch Tuesday

The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing.

June 6, 2024 14:00

The sliding doors of misinformation that come with AI-generated search results

AI’s integration into search engines could change the way many of us interact with the internet.