The group appears to commonly deploy double extortion — of the victims that have been listed on the leak site, several of them have had some portion of their exfiltrated data exposed.
Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic.
Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates.
Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group
The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.
Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).
Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots.
Video: Everything you need to know about ongoing state-sponsored attacks targeting network infrastructure across the globe
Video explanation of the Jaguar Tooth vulnerabilities with Matt Olney, J.J. Cummings and Hazel Burton.
This campaign, dubbed "Jaguar Tooth," is an example of a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity.
This is just the latest supply chain attack threatening users, after the SolarWinds incident in 2020 and the REvil ransomware group exploiting Kaseya VSA in 2021.