New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
Cisco Talos has discovered a new intrusion set we're calling "ShroudedSnooper" consisting of two new implants "HTTPSnoop" and "PipeSnoop" targeting telecommunications firms in the middle-east.
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
* Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and
A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
By Vitor Ventura and Arnaud Zobec. Threat actors are impersonating the group Amnesty International and promising to protect against the Pegasus spyware as part of a scheme to deliver malware. Amnesty International recently made international headlines when it released a groundb
Vice Society leverages PrintNightmare in ransomware attacks
Executive Summary Another threat actor is actively exploiting the so-called PrintNightmarevulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent ransomware attack, according to Cisco Talo
WastedLocker Goes "Big-Game Hunting" in 2020
By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary * After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. *