Cisco Talos Blog

March 9, 2023 08:02

Prometei botnet improves modules and exhibits new capabilities in recent updates

The high-profile botnet, focused on mining cryptocurrency, is back with new Linux versions.

May 7, 2021 15:50

Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs

By Caitlin Huey and Andrew Windsor with contributions from Edmund Brumaghin.

* Lemon Duck continues to refine and improve upon their tactics, techniques and procedures as they attempt to maximize the effectiveness of their campaigns.
* Lemon Duck remains relevant as the operat

January 21, 2020 12:49

Breaking down a two-year run of Vivin’s cryptominers

News Summary

* There is another large-scale cryptomining attack from an actor we are tracking as "Vivin" that has been active since at least November 2017.
* "Vivin" has consistently evolved over the past few years, despite having poor operational security

July 12, 2018 15:00

Advanced Mobile Malware Campaign in India uses Malicious MDM

Summary

Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control enrolled devices. At this time, we don't know how the attacker managed