Cisco Talos Blog

February 22, 2022 08:00

Time to secure hybrid work for 2022, not 2002

Editor’s note: This post is the first in a new series from Talos looking at high-level topics across the cybersecurity space. Our researchers rely on years of expertise, data, and tremendous visibility; applying what we can learn from history, research, and analysis to nascent se

February 9, 2022 08:05

What’s with the shared VBA code between Transparent Tribe and other threat actors?

Recently, we've been researching several threat actors operating in South Asia: Transparent Tribe, SideCopy, etc., that deploy a range of remote access trojans (RATs). After a hunting session in our malware sample repositories and VirusTotal while looking into these actors, w

February 2, 2022 08:00

Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware

Cisco Talos has observed a new wave of Delphi malware called Micropsia developed and operated by the Arid Viper APT group since 2017. * This campaign targets Palestinian entities and activists using politically themed lures. * The latest iteration of the implant contains multi

January 31, 2022 08:00

Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables

Cisco Talos has observed a new campaign targeting Turkish private organizations  alongside governmental institutions. * Talos attributes this campaign with high confidence to MuddyWater — an APT group recently attributed to Iran's Ministry of Intelligence and Security (MOIS

September 30, 2021 08:01

A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus

By Vitor Ventura and Arnaud Zobec. Threat actors are impersonating the group Amnesty International and promising to protect against the Pegasus spyware as part of a scheme to deliver malware. Amnesty International recently made international headlines when it released a groundb

September 16, 2021 08:00

Operation Layover: How we tracked an attack on the aviation industry to five years of compromise

By Tiago Pereira and Vitor Ventura. * Cisco Talos linked the recent aviation targeting campaigns to an actor who has been targeting the aviation industry for two years. * The same actor has been running successful malware campaigns for more than five years. * Although always

February 23, 2021 07:59

Gamaredon - When nation states don’t pay all the bills

By Warren Mercer and Vitor Ventura. Update 02/22: The IOC section has been updated * Gamaredon is a threat actor, active since at least 2013, that has long been associated with pro-Russian activities in several reports throughout the years. It is extremely aggressive and is us

February 9, 2021 14:17

Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows

* The developers of LodaRAT have added Android as a targeted platform. * A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities. * The operators behind LodaRAT tied to a specific campaign targeting Bangladesh, although others h

June 29, 2020 13:59

PROMETHIUM extends global reach with StrongPity3 APT

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary * The threat actor behind StrongPity is not deterred despite being exposed multiple times over the past four years. * They continue to expand their victimology and attack seemingly non related countries. *