Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
* Cisco Talos recently discovered a threat actor using political and government-themed malicious domains to target entities in India and Afghanistan. * These attacks use dcRAT and QuasarRAT for Windows delivered via malicious documents exploiting CVE-2017-11882 — a memory corru
Operation “Armor Piercer:” Targeted attacks in the Indian subcontinent using commercial RATs
By Asheer Malhotra, Vanja Svajcer and Justin Thattil. * Cisco Talos is tracking a campaign targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). * This campaign distributes malicious documents and archive
Malicious Campaign Targets Latin America: The seller, The operator and a curious link
By Asheer Malhotra and Vitor Ventura, with contributions from Vanja Svajcer. * Cisco Talos has observed a new malware campaign delivering commodity RATs, including njRAT and AsyncRAT. * The campaign targets travel and hospitality organizations in Latin America. * Techniques
InSideCopy: How this APT continues to evolve its arsenal
By Asheer Malhotra and Justin Thattil. * Cisco Talos is tracking an increase in SideCopy's activities targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). * SideCopy is an APT group that mimics the Si
Transparent Tribe APT expands its Windows malware arsenal
Transparent Tribe, also known as APT36 and Mythic Leopard, continues to create fake domains mimicking legitimate military and defense organizations as a core component of their operations. Cisco Talos’ previous research has mainly linked this group to CrimsonRAT, but new campaign
ObliqueRAT returns with new campaign using hijacked websites
By Asheer Malhotra. * Cisco Talos has observed another malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread the remote access trojan (RAT) ObliqueRAT. * This campaign targets organizations in South Asia. * ObliqueRAT has been linked to th
CRAT wants to plunder your endpoints
* Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT. * Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint. * One of the plugins is a ransomware known as &
IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
By Asheer Malhotra. * Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. * These maldocs use malicious macros to deliver a multist
Upgraded Aggah malspam campaign delivers multiple RATs
By Asheer Malhotra * Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans (RATs). * The infection chain utilized in the attacks is highly modularized. * The attackers utilize publicly available infrastructure s