Cisco Talos Intelligence Blog

November 9, 2022 08:11

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

* The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. * Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure

November 8, 2022 11:11

Emotet coming in hot

Emotet is a ubiquitous and well-known banking trojan that has evolved over the years to become a very successful modular botnet capable of dropping a variety of other threats. Even after a global takedown campaign in early 2021 disrupted the botnet, it reemerged later that year,

October 13, 2022 08:10

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.

September 28, 2022 08:09

New campaign uses government, union-themed lures to deliver Cobalt Strike beacons

Cisco Talos recently discovered a malicious campaign with a modularised attack technique to deliver Cobalt Strike beacons on infected endpoints.

September 15, 2022 09:09

Gamaredon APT targets Ukrainian government agencies in new campaign

Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives.

September 8, 2022 08:09

Lazarus and the tale of three RATs

Cisco Talos assesses with high confidence these attacks have been conducted by the North Korean state-sponsored threat actor Lazarus Group.

September 7, 2022 08:09

MagicRAT: Lazarus’ latest gateway into victim networks

Cisco Talos has discovered a new remote access trojan (RAT) we're calling "MagicRAT," developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor.

September 1, 2022 13:09

ModernLoader delivers multiple stealers, cryptominers and RATs

* Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. * The actors use PowerShell, .NET assemb

August 4, 2022 08:08

Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns

By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec. Executive Summary * Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries. * It is marketed as a means to enable remote acc