Cisco Talos Intelligence Blog

October 13, 2022 08:10

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.

September 15, 2022 09:09

Gamaredon APT targets Ukrainian government agencies in new campaign

Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives.

September 13, 2022 14:09

Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities

September's security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday.

September 8, 2022 08:09

Lazarus and the tale of three RATs

Cisco Talos assesses with high confidence these attacks have been conducted by the North Korean state-sponsored threat actor Lazarus Group.

September 7, 2022 08:09

MagicRAT: Lazarus’ latest gateway into victim networks

Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor.

August 2, 2022 08:08

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

* Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. * The implants for the new mal

May 10, 2022 15:05

Threat Advisory: Critical F5 BIG-IP Vulnerability

Summary A recently disclosed vulnerability in F5 Networks' BIG-IP could allow an unauthenticated attacker to access the BIG-IP system to execute arbitrary system commands, create and delete files, disable services and could lead to additional malicious activity. This vulnerabil

May 5, 2022 08:05

Mustang Panda deploys a new wave of malware targeting Europe

* In February 2022, corresponding roughly with the start of the Russian Invasion of Ukraine, Cisco Talos began observing the China-based threat actor Mustang Panda conducting phishing campaigns against European entities, including Russian organizations. Some phishing messages co

March 29, 2022 08:03

Transparent Tribe campaign uses new bespoke malware to target Indian government officials

* Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are infecting victims with CrimsonRAT, their well-known malware of choice, they are also using new stagers and implants. * This campaign, which has be