Cisco Talos Intelligence Blog

May 18, 2022 02:05

The BlackByte ransomware group is striking users all over the globe

News summary * Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam. * The FBI released a joint cybersecurity advisory in February 2022 wa

May 11, 2022 10:05

The BlackByte ransomware group is striking users all over the globe

News summary * Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam. * The FBI released a joint cybersecurity advisory in February 2022 wa

September 21, 2021 08:09

TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines

News summary * Cisco Talos recently discovered a new backdoor used by the Russian Turla APT group. * We have seen infections in the U.S., Germany and, more recently, in Afghanistan. * It is likely used as a stealth second-chance backdoor to keep access to infected devices *

March 31, 2021 09:03

Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools

By Nick Lister and Holger Unterbrink, with contributions from Vanja Svajcer. News summary * Cisco Talos recently discovered a new campaign targeting video game players and other PC modders. * Talos detected a new cryptor used in several different malware campaigns hidden

January 6, 2021 09:01

A Deep Dive into Lokibot Infection Chain

By Irshad Muhammad, with contributions from Holger Unterbrink. News summary * Lokibot is one of the most well-known information stealers on the malware landscape. In this post, we'll provide a technical breakdown of one of the latest Lokibot campaigns. * Talos also has a n

December 17, 2020 09:12

Talos tools of the trade

By Andrea Marcelli and Holger Unterbrink. If you're looking for something to keep you busy while we're all stuck inside during the holidays, Cisco Talos has a few tools for you you can play with in the coming days and weeks. We recently updated GhIDA to work with the latest ve

October 20, 2020 11:10

Dynamic Data Resolver - Version 1.0.1 beta

By Holger Unterbrink. 12/17/20 Update: A new version of this software and associated blog can be found here Cisco Talos is releasing a new beta version of Dynamic Data Resolver (DDR) today. This release comes with a new architecture for samples using multi-threading. The proce

August 10, 2020 11:08

Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x

By Cory Duplantis. One of the ways vulnerability researchers find bugs is with fuzzing. At a high level, fuzzing is the process of generating and mutating random inputs for a given target to crash it. In 2017, I started developing a bare metal hypervisor for the purposes of snap