Cisco Talos Intelligence Blog

January 31, 2022 08:01

Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables

Cisco Talos has observed a new campaign targeting Turkish private organizations  alongside governmental institutions. * Talos attributes this campaign with high confidence to MuddyWater — an APT group recently attributed to Iran's Ministry of Intelligence and Security (MOIS) by

September 30, 2021 08:09

A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus

By Vitor Ventura and Arnaud Zobec. Threat actors are impersonating the group Amnesty International and promising to protect against the Pegasus spyware as part of a scheme to deliver malware. Amnesty International recently made international headlines when it released a groundb

September 16, 2021 08:09

Operation Layover: How we tracked an attack on the aviation industry to five years of compromise

By Tiago Pereira and Vitor Ventura. * Cisco Talos linked the recent aviation targeting campaigns to an actor who has been targeting the aviation industry for two years. * The same actor has been running successful malware campaigns for more than five years. * Although always

February 23, 2021 07:02

Gamaredon - When nation states don’t pay all the bills

By Warren Mercer and Vitor Ventura. Update 02/22: The IOC section has been updated * Gamaredon is a threat actor, active since at least 2013, that has long been associated with pro-Russian activities in several reports throughout the years. It is extremely aggressive and is us

February 9, 2021 14:02

Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows

* The developers of LodaRAT have added Android as a targeted platform. * A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities. * The operators behind LodaRAT tied to a specific campaign targeting Bangladesh, although others h

June 29, 2020 13:06

PROMETHIUM extends global reach with StrongPity3 APT

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary * The threat actor behind StrongPity is not deterred despite being exposed multiple times over the past four years. * They continue to expand their victimology and attack seemingly non related countries. *

October 21, 2019 10:10

Gustuff return, new features for victims

By Vitor Ventura with contributions from Chris Neal. Executive summary The Gustuff banking trojan is back with new features, months after initially appearing targeting financial institutions in Australia. Cisco Talos first reported on Gustuff in April. Soon after, the actors be

April 9, 2019 13:04

Gustuff banking botnet targets Australia

EXECUTIVE SUMMARY Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the "ChristinaMorrow" text message spam scam previously spotted

December 10, 2018 11:12

in(Secure) messaging apps — How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal

This blog post is authored by Vitor Ventura. Executive summary Messaging applications have been around since the inception of the internet. But recently, due to the increased awareness around mass surveillance in some countries, more users are installing end-to-end encrypted