SapphireStealer: Open-source information stealer enables credential and data theft
SapphireStealer appears to be delivered as part of a multi-stage infection process, with threat actors leveraging open-source malware downloaders like FUD-Loader to deliver SapphireStealer to potential victims.
New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware
Cisco Talos discovered an unknown threat actor, seemingly of Vietnamese origin, conducting a ransomware operation that began at least as early as June 4, 2023 with customized Yashma ransomware.
Malicious campaigns target government, military and civilian entities in Ukraine, Poland
Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access.
New Horabot campaign targets the Americas
Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.
Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code
Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023.
Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities
The stealer is for sale on dark web forums for $59 a month, or $540 for a lifetime subscription, which is relatively inexpensive compared to other infostealers.
Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency
Cisco Talos has identified a new espionage-oriented threat actor, which we are naming “YoroTrooper,” targeting a multitude of entities in Europe and Turkey.
Prometei botnet improves modules and exhibits new capabilities in recent updates
The high-profile botnet, focused on mining cryptocurrency, is back with new Linux versions.
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a Go variant of the Laplas Clipper malware, to steal cryptocurrency from victims.