Cisco Talos Intelligence Blog

November 19, 2021 14:11

Threat Roundup for November 12 to November 19

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 12 and Nov. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behaviora

November 10, 2021 17:11

North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets

* Cisco Talos has observed a new malware campaign operated by the Kimsuky APT group since June 2021. * Kimsuky, also known as Thallium and Black Banshee, is a North Korean state-sponsored advanced persistent threat (APT) group active since 2012. * This campaign utilizes malici

November 5, 2021 13:11

Threat Roundup for October 29 to November 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 29 and Nov. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral

November 3, 2021 08:11

Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk

By Chetan Raghuprasad and Vanja Svajcer, with contributions from Caitlin Huey. * Cisco Talos recently discovered a malicious campaign deploying variants of the Babuk ransomware predominantly affecting users in the U.S. with smaller number of infections in U.K., Germany, Ukraine

October 28, 2021 08:10

Quarterly Report: Incident Response trends from Q3 2021

Ransomware again dominated the threat landscape, while BEC grew By David Liebenberg and Caitlin Huey. Once again, ransomware was the most dominant threat observed in Cisco Talos Incident Response (CTIR) engagements this quarter. CTIR helped resolve several significant ransomwa

October 26, 2021 08:10

SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike

By Edmund Brumaghin, Mariano Graziano and Nick Mavis. Executive summary Recently, a new threat, referred to as "SQUIRRELWAFFLE" is being spread more widely via spam campaigns, infecting systems with a new malware loader. This is a malware family that's been spread with increa

October 22, 2021 16:10

Threat Roundup for October 15 to October 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 15 and Oct. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behaviora

October 19, 2021 20:10

Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India

.docx, .xlsx, .xls, .doc, .ppt, .pptx, .pdf, .xlt, .xla, .xll, .pps, .pot File enumeration via cmd.exe. File infector  Traditional file infectors usually target executables such as EXEs to infect targets with malicious code. Other script-based worms, such as Jenxcus, would

October 15, 2021 17:10

Threat Roundup for October 8 to October 15

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 8 and Oct. 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral