Cisco Talos Blog

February 8, 2024 08:00

New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization

Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”

December 21, 2023 11:00

Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware

Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.

November 17, 2023 08:01

A deep dive into Phobos ransomware, recently deployed by 8Base group

Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations.

November 17, 2023 08:01

Understanding the Phobos affiliate structure and activity

Cisco Talos identified the most prolific Phobos variants, TTPs and affiliate structure, based on their activity and analysis of over 1,000 samples from VirusTotal dating back to 2019. We assess with moderate confidence Eking, Eight, Elbie, Devos and Faust are the most common variants

November 9, 2023 08:00

Spammers abuse Google Forms’ quiz to deliver scams

Cisco Talos has recently observed an increase in spam messages abusing a feature of quizzes created within Google Forms.

November 2, 2023 07:58

Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”

Knowing the common scams is an important step in using the platform safely. The following recommendations help players not fall into scams.

October 31, 2023 07:00

Arid Viper disguising mobile spyware as updates for non-malicious Android applications

Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.

October 25, 2023 08:01

Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.

September 7, 2023 08:00

Cybercriminals target graphic designers with GPU miners

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware including PhoenixMiner and lolMiner on infected machines.