Cisco Talos Blog

August 24, 2023 08:02

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

March 14, 2023 07:00

Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency

Cisco Talos has identified a new espionage-oriented threat actor, which we are naming “YoroTrooper,” targeting a multitude of entities in Europe and Turkey.

October 13, 2022 08:00

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.

September 15, 2022 09:00

Gamaredon APT targets Ukrainian government agencies in new campaign

Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives.

September 13, 2022 14:01

Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities

September's security update features five critical vulnerabilities, 10 fewer than were included in last month’s Patch Tuesday.

September 8, 2022 08:01

Lazarus and the tale of three RATs

Cisco Talos assesses with high confidence these attacks have been conducted by the North Korean state-sponsored threat actor Lazarus Group.

September 7, 2022 08:01

MagicRAT: Lazarus’ latest gateway into victim networks

Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor.

August 2, 2022 08:00

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

* Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework.
* The implants for t

July 13, 2022 19:58

Transparent Tribe begins targeting education sector in latest campaign

* Cisco Talos has been tracking a new malicious campaign operated by the Transparent Tribe APT group.
* This campaign involves the targeting of educational institutions and students in the Indian subcontinent, a deviation from the adversary's typical focus on government ent