Cisco Talos Blog

September 19, 2023 08:00

New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants

Cisco Talos has discovered a new intrusion set we're calling "ShroudedSnooper" consisting of two new implants "HTTPSnoop" and "PipeSnoop" targeting telecommunications firms in the middle-east.

August 24, 2023 08:04

Lazarus Group's infrastructure reuse leads to discovery of new malware

Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the post-compromise phase.

August 24, 2023 08:02

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

August 7, 2023 08:00

Code leaks are causing an influx of new ransomware actors

Cisco Talos is seeing an increasing number of ransomware variants emerge, since 2021, leading to more frequent attacks and new challenges for cybersecurity professionals, particularly regarding actor attribution.

March 14, 2023 07:00

Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency

Cisco Talos has identified a new espionage oriented threat actor, which we are naming “YoroTrooper,” targeting a multitude of entities in Europe and Turkey.

February 9, 2023 08:09

Beyond the basics: Implementing an active defense

An active defense posture, where the defenders actively use threat intelligence and their own telemetry to uncover potential compromises, is the next stage in the cyber security maturity road. Instead of waiting for detections to trigger, defenders can take initiative and hunt threat actors.

January 12, 2023 07:59

How to instrument system applications on Android stock images

By Vitor Ventura This post is the result of research presented at Recon Montreal 2022. Two slide decks are provided along with this research . One is the presentation showing the whole process and how to do it on Google Play Protect services. The other one is a workshop on how

October 13, 2022 08:00

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.

September 8, 2022 08:01

Lazarus and the tale of three RATs

Cisco Talos assesses with high confidence these attacks have been conducted by the North Korean state-sponsored threat actor Lazarus Group.