Cisco Talos Blog

March 24, 2022 12:57

Threat Advisory: DoubleZero

This post is also available in: Українська (Ukrainian) Overview The Computer Emergency Response Team of Ukraine released an advisory on March 22, 2022 disclosing another wiper dubbed "DoubleZero" targeting Ukrainian enterprises during Russia's invasion of the co

March 15, 2022 12:48

Threat Advisory: CaddyWiper

This post is also available in: 日本語 (Japanese) Українська (Ukrainian) Overview Cybersecurity company ESET disclosed another Ukraine-focused wiper dubbed "CaddyWiper" on March 14. This wiper is relatively smaller than previous wiper attacks we've seen in Ukraine

March 10, 2022 08:02

Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups

* Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence

February 2, 2022 08:00

Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware

Cisco Talos has observed a new wave of Delphi malware called Micropsia developed and operated by the Arid Viper APT group since 2017. * This campaign targets Palestinian entities and activists using politically themed lures. * The latest iteration of the implant contains multi

January 31, 2022 08:00

Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables

Cisco Talos has observed a new campaign targeting Turkish private organizations  alongside governmental institutions. * Talos attributes this campaign with high confidence to MuddyWater — an APT group recently attributed to Iran's Ministry of Intelligence and Security (MOIS

November 22, 2021 08:00

Back from the dead: Emotet re-emerges, begins rebuilding to wrap up 2021

Executive Summary Emotet has been one of the most widely distributed threats over the past several years. It has typically been observed being distributed via malicious spam email campaigns, and often leads to additional malware infections as it provides threat actors with an in

November 16, 2021 07:00

Attackers use domain fronting technique to target Myanmar with Cobalt Strike

By Chetan Raghuprasad, Vanja Svajcer and Asheer Malhotra. News Summary * Cisco Talos discovered a new malicious campaign using a leaked version of Cobalt Strike in September 2021. * This shows that Cobalt Strike, although it was originally created as a legitimate tool, cont

November 10, 2021 17:11

North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets

* Cisco Talos has observed a new malware campaign operated by the Kimsuky APT group since June 2021. * Kimsuky, also known as Thallium and Black Banshee, is a North Korean state-sponsored advanced persistent threat (APT) group active since 2012. * This campaign utilizes malici

October 19, 2021 20:00

Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India

* Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan. * These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 — a memory corru