Cisco Talos Blog

May 26, 2021 08:00

Elizabethan England has nothing on modern-day Russia

This post was authored by Warren Mercer and Vitor Ventura The threat landscape is changing. Organizations need to defend against an ever-evolving tranche of threat actors. For a long time, the lines that distinguish state-sponsored and crimeware groups were well-defined. We beli

February 9, 2021 14:17

Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows

* The developers of LodaRAT have added Android as a targeted platform. * A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities. * The operators behind LodaRAT tied to a specific campaign targeting Bangladesh, although others h

January 26, 2021 11:44

Nation-state campaign targets Talos researchers

Google's Threat Analysis Group published a blog Monday evening warning of an ongoing campaign attempting to compromise security researchers. Google TAG's blog outlines the attacker's motivations and various TTPs used in these attacks. We can confirm that multiple Ci

October 29, 2020 08:00

DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread

By Warren Mercer, Paul Rascagneres and Vitor Ventura. * The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location. * Even if the command and control (C2) is taken down, the DoNot team can still redirect t

October 6, 2020 10:52

PoetRAT: Malware targeting public and private sector in Azerbaijan evolves

By Warren Mercer, Paul Rascagneres and Vitor Ventura. * The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT. * This actor leverages malicious Microsoft Word documents alleged to be from the Azerbaijan government. * The

May 19, 2020 13:00

The wolf is back...

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary * Thai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line. * We assess w

April 16, 2020 13:52

PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary * Azerbaijan government and energy sector likely targeted by an unknown actor. * From the energy sector, the actor demonstrates interest in SCADA systems related to wind turbines. * The actor uses Word docum

January 16, 2020 14:18

JhoneRAT: Cloud based python RAT targeting Middle Eastern countries

By Warren Mercer, Paul Rascagneres and Vitor Ventura with contributions from Eric Kuhla. Updated Jan. 17, 2020: the documents do not exploit the CVE-2017-0199 vulnerability. Executive Summary Today, Cisco Talos is unveiling the details of a new RAT we have identified we're

November 4, 2019 11:03

C2 With It All: From Ransomware To Carding

By Warren Mercer, Paul Rascagneres and Vitor Ventura. Summary Cisco Talos recently discovered a new server hosting a large stockpile of malicious files. Our analysis of these files shows that these attackers were able to obtain a deep level of access to victims' infrastruc