Cisco Talos Blog

September 19, 2023 08:00

New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants

Cisco Talos has discovered a new intrusion set we're calling "ShroudedSnooper" consisting of two new implants "HTTPSnoop" and "PipeSnoop" targeting telecommunications firms in the middle-east.

April 26, 2023 08:00

Quarterly Report: Incident Response Trends in Q1 2023

In 45 percent of engagements, attackers exploited public-facing applications to establish initial access, a significant increase from 15 percent the previous quarter.

January 26, 2023 04:00

Quarterly Report: Incident Response Trends in Q4 2022

Ransomware continued to be a top threat Cisco Talos Incident Response (Talos IR) responded to this quarter, with appearances from both previously seen and newly observed ransomware families.

October 25, 2022 08:00

Quarterly Report: Incident Response Trends in Q3 2022

A lack of MFA remains one of the biggest impediments to enterprise security.

July 26, 2022 10:03

Quarterly Report: Incident Response Trends in Q2 2022

For the first time in more than a year, ransomware was not the top threat Cisco Talos Incident Response (CTIR) responded to this quarter, as commodity malware surpassed ransomware by a narrow margin. This is likely due to several factors, including the closure of several ransomwa

April 26, 2022 09:11

Quarterly Report: Incident Response trends in Q1 2022

Ransomware continues as the top threat, while a novel increase in APT activity emerges Ransomware was still the top threat Cisco Talos Incident Response (CTIR) saw in active engagements this quarter, continuing a trend that started in 2020. As mentioned in the 2021 year-in-revie

March 17, 2022 07:58

From BlackMatter to BlackCat: Analyzing two attacks from one affiliate

* BlackCat is a recent and growing ransomware-as-a-service (RaaS) group that targeted several organizations worldwide over the past few months. * There are rumors of a relationship between BlackCat and the BlackMatter/DarkSide ransomware groups, infamous for attacking the Colon

May 7, 2021 15:50

Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs

By Caitlin Huey and Andrew Windsor with contributions from Edmund Brumaghin. * Lemon Duck continues to refine and improve upon their tactics, techniques and procedures as they attempt to maximize the effectiveness of their campaigns. * Lemon Duck remains relevant as the operat