Cisco Talos Intelligence Blog

March 29, 2022 08:03

Transparent Tribe campaign uses new bespoke malware to target Indian government officials

* Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are infecting victims with CrimsonRAT, their well-known malware of choice, they are also using new stagers and implants. * This campaign, which has be

February 2, 2022 08:02

Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware

Cisco Talos has observed a new wave of Delphi malware called Micropsia developed and operated by the Arid Viper APT group since 2017. * This campaign targets Palestinian entities and activists using politically themed lures. * The latest iteration of the implant contains multi

January 12, 2022 08:01

Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure

* Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting user's information. * According to Cisco Secure product telemetry, the victims of this campaign are primarily distributed across the United States, Ita

September 30, 2021 08:09

A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus

By Vitor Ventura and Arnaud Zobec. Threat actors are impersonating the group Amnesty International and promising to protect against the Pegasus spyware as part of a scheme to deliver malware. Amnesty International recently made international headlines when it released a groundb

August 19, 2021 07:08

Malicious Campaign Targets Latin America: The seller, The operator and a curious link

* Cisco Talos has observed a new malware campaign delivering commodity RATs, including njRAT and AsyncRAT. * The campaign targets travel and hospitality organizations in Latin America. * Techniques utilized in this campaign bear a resemblance to those of the Aggah group but ar

June 3, 2021 08:06

Necro Python bot adds new exploits and Tezos mining to its bag of tricks

By Vanja Svajcer, with contributions from Caitlin Huey and Kendall McKay. News summary * Some malware families stay static in terms of their functionality. But a newly discovered malware campaign utilizing the Necro Python bot shows this actor is adding new functionality and

April 21, 2021 07:04

A year of Fajan evolution and Bloomberg themed campaigns

By Vanja Svajcer. News summary * Some malware campaigns are designed to spread malware to as many people as possible — while some others carefully choose their targets. Cisco Talos recently discovered a malware campaign that does not fit in any of the two categories. This ac

March 2, 2021 08:03

ObliqueRAT returns with new campaign using hijacked websites

By Asheer Malhotra. * Cisco Talos has observed another malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread the remote access trojan (RAT) ObliqueRAT. * This campaign targets organizations in South Asia. * ObliqueRAT has been linked to t

November 12, 2020 08:11

CRAT wants to plunder your endpoints

* Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT. * Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint. * One of the plugins is a ransomware known as "