Back from the dead: Emotet re-emerges, begins rebuilding to wrap up 2021
Executive Summary Emotet has been one of the most widely distributed threats over the past several years. It has typically been observed being distributed via malicious spam email campaigns, and often leads to additional malware infections as it provides threat actors with an in
Attackers use domain fronting technique to target Myanmar with Cobalt Strike
By Chetan Raghuprasad, Vanja Svajcer and Asheer Malhotra. News Summary * Cisco Talos discovered a new malicious campaign using a leaked version of Cobalt Strike in September 2021. * This shows that Cobalt Strike, although it was originally created as a legitimate tool, cont
North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets
* Cisco Talos has observed a new malware campaign operated by the Kimsuky APT group since June 2021. * Kimsuky, also known as Thallium and Black Banshee, is a North Korean state-sponsored advanced persistent threat (APT) group active since 2012. * This campaign utilizes malici
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
* Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan. * These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 — a memory corru
Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs
By Asheer Malhotra, Vanja Svajcer and Justin Thattil. * Cisco Talos is tracking a campaign targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). * This campaign distributes malicious documents and archive
Malicious Campaign Targets Latin America: The seller, The operator and a curious link
By Asheer Malhotra and Vitor Ventura, with contributions from Vanja Svajcer. * Cisco Talos has observed a new malware campaign delivering commodity RATs, including njRAT and AsyncRAT. * The campaign targets travel and hospitality organizations in Latin America. * Techniques
InSideCopy: How this APT continues to evolve its arsenal
By Asheer Malhotra and Justin Thattil. * Cisco Talos is tracking an increase in SideCopy's activities targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). * SideCopy is an APT group that mimics the Si
Transparent Tribe APT expands its Windows malware arsenal
Transparent Tribe, also known as APT36 and Mythic Leopard, continues to create fake domains mimicking legitimate military and defense organizations as a core component of their operations. Cisco Talos’ previous research has mainly linked this group to CrimsonRAT, but new campaign
ObliqueRAT returns with new campaign using hijacked websites
By Asheer Malhotra. * Cisco Talos has observed another malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread the remote access trojan (RAT) ObliqueRAT. * This campaign targets organizations in South Asia. * ObliqueRAT has been linked to th