Emotet resumes spam operations, switches to OneNote
Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems.
Threat Advisory: Microsoft Outlook privilege escalation vulnerability being exploited in the wild
Cisco Talos is urging all users to update Microsoft Outlook after the discovery of a critical vulnerability, CVE-2023-23397, in the email client that attackers are actively exploiting in the wild.
Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency
Cisco Talos has identified a new espionage oriented threat actor, which we are naming “YoroTrooper,” targeting a multitude of entities in Europe and Turkey.
Prometei botnet improves modules and exhibits new capabilities in recent updates
The high-profile botnet, focused on mining cryptocurrency, is back with new Linux versions.
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims.
Following the LNK metadata trail
While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.
Get a Loda This: LodaRAT meets new friends
* LodaRAT samples were deployed alongside other malware families, including RedLine and Neshta. * Cisco Talos identified several variants and altered versions of LodaRAT with updated functionality have been seen in the wild. * Changes in these LodaRAT variants include new f
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
* The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. * Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure