How to instrument system applications on Android stock images
By Vitor Ventura This post is the result of research presented at Recon Montreal 2022. Two slide decks are provided along with this research . One is the presentation showing the whole process and how to do it on Google Play Protect services. The other one is a workshop on how
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.
Lazarus and the tale of three RATs
Cisco Talos assesses with high confidence these attacks have been conducted by the North Korean state-sponsored threat actor Lazarus Group.
MagicRAT: Lazarus’ latest gateway into victim networks
Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor.
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
* Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. * The implants for t
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
* Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence
Time to secure hybrid work for 2022, not 2002
Editor’s note: This post is the first in a new series from Talos looking at high-level topics across the cybersecurity space. Our researchers rely on years of expertise, data, and tremendous visibility; applying what we can learn from history, research, and analysis to nascent se
What’s with the shared VBA code between Transparent Tribe and other threat actors?
Recently, we've been researching several threat actors operating in South Asia: Transparent Tribe, SideCopy, etc., that deploy a range of remote access trojans (RATs). After a hunting session in our malware sample repositories and VirusTotal while looking into these actors, w
Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware
Cisco Talos has observed a new wave of Delphi malware called Micropsia developed and operated by the Arid Viper APT group since 2017. * This campaign targets Palestinian entities and activists using politically themed lures. * The latest iteration of the implant contains multi