Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.
Gamaredon APT targets Ukrainian government agencies in new campaign
Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives.
Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities
September's security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday.
Lazarus and the tale of three RATs
Cisco Talos assesses with high confidence these attacks have been conducted by the North Korean state-sponsored threat actor Lazarus Group.
MagicRAT: Lazarus’ latest gateway into victim networks
Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor.
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
* Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. * The implants for t
Transparent Tribe begins targeting education sector in latest campaign
* Cisco Talos has been tracking a new malicious campaign operated by the Transparent Tribe APT group. * This campaign involves the targeting of educational institutions and students in the Indian subcontinent, a deviation from the adversary's typical focus on government ent
Threat Advisory: Critical F5 BIG-IP Vulnerability
Summary A recently disclosed vulnerability in F5 Networks' BIG-IP could allow an unauthenticated attacker to access the BIG-IP system to execute arbitrary system commands, create and delete files, disable services and could lead to additional malicious activity. This vulner
Mustang Panda deploys a new wave of malware targeting Europe
* In February 2022, corresponding roughly with the start of the Russian Invasion of Ukraine, Cisco Talos began observing the China-based threat actor Mustang Panda conducting phishing campaigns against European entities, including Russian organizations. Some phishing messages co