New PXA Stealer targets government and education sectors for sensitive information
Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia.
Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code
Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023.
Bitter APT adds Bangladesh to their targets
* Cisco Talos has observed an ongoing malicious campaign since August 2021 from the Bitter APT group that appears to target users in Bangladesh, a change from the attackers' usual victims.
* As part of this, there's a new trojan based on Apost Talos is calling "Zxx
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
* Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRAT that target users' information.
* According to Cisco Secure product telemetry, the victims of this campaign are primarily distributed across the United States,
Attackers use domain fronting technique to target Myanmar with Cobalt Strike
By Chetan Raghuprasad, Vanja Svajcer and Asheer Malhotra.
News Summary
* Cisco Talos discovered a new malicious campaign using a leaked version of Cobalt Strike in September 2021.
* This shows that Cobalt Strike, although it was originally created as a legitimate tool, cont
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
By Chetan Raghuprasad and Vanja Svajcer, with contributions from Caitlin Huey.
* Cisco Talos recently discovered a malicious campaign deploying variants of the Babuk ransomware, predominantly affecting users in the U.S., with a smaller number of infections in the U.K., Germany, Ukraine
Neurevt trojan takes aim at Mexican users
By Chetan Raghuprasad, with contributions from Vanja Svajcer.
News summary
* Cisco Talos discovered a new version of the Neurevt trojan with spyware and backdoor capabilities in June 2021 using Cisco Secure Endpoint product telemetry.
* This version of Neurevt appears to tar