The Internet did my homework
By Jaeson Schultz and Matt Valites. As students return to school for in-person and virtual learning, Cisco Talos discovered an increase in DNS requests coming into Umbrella resolving domains we classify as "academic fraud." Data from Pew Research on back-to-school dates aligns w
Stolen emails reflect Emotet's organic growth
By Jaeson Schultz Introduction Emotet has a penchant for stealing a victim's email, then impersonating that victim and sending copies of itself in reply. The malicious emails are delivered through a network of stolen outbound SMTP accounts. This relatively simple email-man-in-t
Emotet is back after a summer break
Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and often include additional banking trojans
Hiding in Plain Sight
Cisco Talos is continually working to ensure that our threat intelligence not only accounts for the latest threats but also new versions of old threats, such as spam. This often means pursuing cybercriminals wherever they congregate. However, instead of wheeling-and-dealing using
ExileRAT shares C2 with LuckyCat, targets Tibet
What we learned by unpacking a recent wave of Imminent RAT infections using AMP
Bitcoin Bomb Scare Associated with Sextortion Scammers
Anatomy of a sextortion scam
This blog was written by Jaeson Schultz. Since this July, attackers are increasingly spreading sextortion-type attacks across the internet. Cisco Talos has been investigating these campaigns over the past few months. In many cases the spammers harvested email addresses and passw