Elizabethan England has nothing on modern-day Russia
This post was authored by Warren Mercer and Vitor Ventura The threat landscape is changing. Organizations need to defend against an ever-evolving tranche of threat actors. For a long time, the lines that distinguish state-sponsored and crimeware groups were well-defined. We beli
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
* The developers of LodaRAT have added Android as a targeted platform.
* A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities.
* The operators behind LodaRAT tied to a specific campaign targeting Bangladesh, although others h
Nation-state campaign targets Talos researchers
Google's Threat Analysis Group published a blog Monday evening warning of an ongoing campaign attempting to compromise security researchers. Google TAG's blog outlines the attacker's motivations and various TTPs used in these attacks. We can confirm that multiple Ci
DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
By Warren Mercer, Paul Rascagneres and Vitor Ventura.
* The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location.
* Even if the command and control (C2) is taken down, the DoNot team can still redirect t
PoetRAT: Malware targeting public and private sector in Azerbaijan evolves
By Warren Mercer, Paul Rascagneres and Vitor Ventura.
* The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT.
* This actor leverages malicious Microsoft Word documents alleged to be from the Azerbaijan government.
* The
The wolf is back...
By Warren Mercer, Paul Rascagneres and Vitor Ventura.
News summary
* Thai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line.
* We assess w
PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors
By Warren Mercer, Paul Rascagneres and Vitor Ventura.
News summary
* Azerbaijan government and energy sector likely targeted by an unknown actor.
* From the energy sector, the actor demonstrates interest in SCADA systems related to wind turbines.
* The actor uses Word docum
JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
By Warren Mercer, Paul Rascagneres and Vitor Ventura with contributions from Eric Kuhla.
Updated Jan. 17, 2020: the documents do not exploit the CVE-2017-0199 vulnerability.
Executive Summary
Today, Cisco Talos is unveiling the details of a new RAT we have identified we're
C2 With It All: From Ransomware To Carding
By Warren Mercer, Paul Rascagneres and Vitor Ventura.
Summary
Cisco Talos recently discovered a new server hosting a large stockpile of malicious files. Our analysis of these files shows that these attackers were able to obtain a deep level of access to victims' infrastruc