Cisco Talos Intelligence Blog

August 8, 2023 15:08

What Cisco Talos knows about the Rhysida ransomware

The group appears to commonly deploy double extortion — of the victims that have been listed on the leak site, several of them have had some portion of their exfiltrated data exposed.

July 11, 2023 13:07

Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes

Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic.

July 11, 2023 13:07

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers

Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates.

June 16, 2023 14:06

Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group

The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.

May 25, 2023 08:05

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).

May 10, 2023 08:05

New phishing-as-a-service tool “Greatness” already seen in the wild

Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots.

April 25, 2023 13:04

Video: Everything you need to know about ongoing state-sponsored attacks targeting network infrastructure across the globe

Video explanation of the Jaguar Tooth vulnerabilities with Matt Olney, J.J. Cummings and Hazel Burton.

April 18, 2023 11:04

State-sponsored campaigns target global network infrastructure

This campaign, dubbed "Jaguar Tooth," is an example of a much broader trend of sophisticated adversaries targeting networking infrastructure to advance espionage objectives or pre-position for future destructive activity.

March 30, 2023 18:03

Threat Advisory: 3CX Softphone Supply Chain Compromise

This is just the latest supply chain attack threatening users, after the SolarWinds incident in 2020 and the REvil ransomware group exploiting Kaseya VSA in 2021.