Cisco Talos Intelligence Blog

May 5, 2022 08:05

Mustang Panda deploys a new wave of malware targeting Europe

* In February 2022, corresponding roughly with the start of the Russian Invasion of Ukraine, Cisco Talos began observing the China-based threat actor Mustang Panda conducting phishing campaigns against European entities, including Russian organizations. Some phishing messages co

March 29, 2022 08:03

Transparent Tribe campaign uses new bespoke malware to target Indian government officials

By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay. * Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are infecting victims with CrimsonRAT, their well-known malware of choi

March 24, 2022 12:03

Threat Advisory: DoubleZero

This post is also available in: Українська (Ukrainian) Overview The Computer Emergency Response Team of Ukraine released an advisory on March 22, 2022 disclosing another wiper dubbed "DoubleZero" targeting Ukrainian enterprises during Russia's invasion of the country. This wi

March 15, 2022 12:03

Threat Advisory: CaddyWiper

This post is also available in: 日本語 (Japanese) Українська (Ukrainian) Overview Cybersecurity company ESET disclosed another Ukraine-focused wiper dubbed "CaddyWiper" on March 14. This wiper is relatively smaller than previous wiper attacks we've seen in Ukraine such as "Herm

March 10, 2022 08:03

Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups

* Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and

February 2, 2022 08:02

Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware

Cisco Talos has observed a new wave of Delphi malware called Micropsia developed and operated by the Arid Viper APT group since 2017. * This campaign targets Palestinian entities and activists using politically themed lures. * The latest iteration of the implant contains multi

January 31, 2022 08:01

Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables

Cisco Talos has observed a new campaign targeting Turkish private organizations  alongside governmental institutions. * Talos attributes this campaign with high confidence to MuddyWater — an APT group recently attributed to Iran's Ministry of Intelligence and Security (MOIS) by

November 22, 2021 08:11

Back from the dead: Emotet re-emerges, begins rebuilding to wrap up 2021

Executive Summary Emotet has been one of the most widely distributed threats over the past several years. It has typically been observed being distributed via malicious spam email campaigns, and often leads to additional malware infections as it provides threat actors with an in

November 16, 2021 07:11

Attackers use domain fronting technique to target Myanmar with Cobalt Strike

By Chetan Raghuprasad, Vanja Svajcer and Asheer Malhotra. News Summary * Cisco Talos discovered a new malicious campaign using a leaked version of Cobalt Strike in September 2021. * This shows that Cobalt Strike, although it was originally created as a legitimate tool, cont