Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
Cisco Talos has observed a new campaign targeting Turkish private organizations alongside governmental institutions. * Talos attributes this campaign with high confidence to MuddyWater — an APT group recently attributed to Iran's Ministry of Intelligence and Security (MOIS
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
* Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting user's information. * According to Cisco Secure product telemetry, the victims of this campaign are primarily distributed across the United States,
SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike
By Edmund Brumaghin, Mariano Graziano and Nick Mavis. Executive summary Recently, a new threat, referred to as "SQUIRRELWAFFLE" is being spread more widely via spam campaigns, infecting systems with a new malware loader. This is a malware family that's been spre
Vice Society leverages PrintNightmare in ransomware attacks
Executive Summary Another threat actor is actively exploiting the so-called PrintNightmarevulnerability (CVE-2021-1675 / CVE-2021-34527) in Windows' print spooler service to spread laterally across a victim's network as part of a recent ransomware attack, according to Ci
Attackers in Executive Clothing - BEC continues to separate orgs from their money
By Nick Biasini. In today's world of threat research, the focus tends to be on the overtly malicious practice of distributing and installing malware on end systems. But this is far from the complete picture of what threats organizations face. One of the most, if not the most
Transparent Tribe APT expands its Windows malware arsenal
Transparent Tribe, also known as APT36 and Mythic Leopard, continues to create fake domains mimicking legitimate military and defense organizations as a core component of their operations. Cisco Talos’ previous research has mainly linked this group to CrimsonRAT, but new campaign
Masslogger campaigns exfiltrates user credentials
By Vanja Svajcer. News summary * As protection techniques develop, attackers are finding it harder to successfully attack their targets and must find creative ways to succeed. * Cisco Talos recently discovered a campaign utilizing a variant of the Masslogger trojan designe
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
* The developers of LodaRAT have added Android as a targeted platform. * A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities. * The operators behind LodaRAT tied to a specific campaign targeting Bangladesh, although others h
Back from vacation: Analyzing Emotet’s activity in 2020
By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an almost daily basis. These emails