Cisco Talos Blog

July 21, 2022 08:00

Attackers target Ukraine using GoMet backdoor

Executive summary Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed a

July 13, 2022 19:58

Transparent Tribe begins targeting education sector in latest campaign

* Cisco Talos has been tracking a new malicious campaign operated by the Transparent Tribe APT group. * This campaign involves the targeting of educational institutions and students in the Indian subcontinent, a deviation from the adversary's typical focus on government ent

May 18, 2022 02:00

The BlackByte ransomware group is striking users all over the globe

News summary * Cisco Talos has been monitoring the BlackByte Ransomware Group for several months, infecting victims all over the world, from North America to Colombia, Netherlands, China, Mexico and Vietnam. * The FBI released a joint cybersecurity advisory in February 2022 wa

May 11, 2022 08:00

Bitter APT adds Bangladesh to their targets

* Cisco Talos has observed an ongoing malicious campaign since August 2021 from the Bitter APT group that appears to target users in Bangladesh, a change from the attackers' usual victims. * As part of this, there's a new trojan based on Apost Talos is calling "Zxx

May 3, 2022 08:00

Conti and Hive ransomware operations: What we learned from these groups' victim chats

As part of Cisco Talos’ continuous efforts to learn more about the current ransomware landscape, we recently examined a trove of chat logs between the Conti and Hive ransomware gangs and their victims. Ransomware-as-a-service groups have exploded in popularity over the past few

April 14, 2022 07:59

Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer

Update (04/14/22): Following the initial publication of this blog, we observed a new post in the Haskers Gang Telegram channel announcing that ownership of the ZingoStealer project is being transferred to a new threat actor. We also observed the malware author offering to sell t

April 5, 2022 08:00

Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter

By Edmund Brumaghin, with contributions from Alex Karkins. * Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims. * The infections leverage process injection to evade detection by endpoint securit

March 29, 2022 08:01

Transparent Tribe campaign uses new bespoke malware to target Indian government officials

By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay. * Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are infecting victims with CrimsonRAT, their well-known malware of choi

March 17, 2022 07:58

From BlackMatter to BlackCat: Analyzing two attacks from one affiliate

* BlackCat is a recent and growing ransomware-as-a-service (RaaS) group that targeted several organizations worldwide over the past few months. * There are rumors of a relationship between BlackCat and the BlackMatter/DarkSide ransomware groups, infamous for attacking the Colon