Cisco Talos Intelligence Blog

March 22, 2023 15:03

Emotet resumes spam operations, switches to OneNote

Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems.

March 15, 2023 19:03

Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild

Cisco Talos is urging all users to update Microsoft Outlook after the discovery of a critical vulnerability, CVE-2023-23397, in the email client that attackers are actively exploiting in the wild.

March 14, 2023 07:03

Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency

Cisco Talos has identified a new espionage oriented threat actor, which we are naming “YoroTrooper,” targeting a multitude of entities in Europe and Turkey.

March 9, 2023 08:03

Prometei botnet improves modules and exhibits new capabilities in recent updates

The high-profile botnet, focused on mining cryptocurrency, is back with new Linux versions.

February 14, 2023 08:02

New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign

Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.

January 19, 2023 08:01

Following the LNK metadata trail

While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.

December 20, 2022 08:12

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.

November 17, 2022 08:11

Get a Loda This: LodaRAT meets new friends

* LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta. * Cisco Talos identified several variants and altered versions of LodaRAT with updated functionality have been seen in the wild. * Changes in these LodaRAT variants include new f

November 9, 2022 08:11

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

* The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. * Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure