New details on TinyTurla’s post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
TinyTurla-NG in-depth tooling and command and control analysis
Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed.
Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns
Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans.
TinyTurla Next Generation - Turla APT spies on Polish NGOs
This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.
Generating FLIRT signatures for Nim and other non-C programming languages
Cisco Talos is excited to announce a new project to find an automated way to generate custom FLIRT signatures for IDA.
Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 73 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical”, 64 are classified as “Important”, one vulnerability is classified as “Moderate.” According to Microsoft none of the vulnerabilities
Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 101 vulnerabilities. Of these vulnerabilities, 11 are classified as “Critical”, 89 are classified as “Important”, no vulnerability classified as “Moderate.”
The BlackByte ransomware group is striking users all over the globe
News summary * Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam. * The FBI released a joint cybersecurity advisory in February 2022 wa
The BlackByte ransomware group is striking users all over the globe
News summary * Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam. * The FBI released a joint cybersecurity advisory in February 2022 wa