Cisco Talos Blog

February 8, 2024 08:00

New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization

Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”

December 11, 2023 08:50

Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang

Our latest findings indicate a definitive shift in the tactics of the North Korean APT group Lazarus Group.

November 30, 2023 08:00

New SugarGh0st RAT targets Uzbekistan government and South Korea

Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.”

November 2, 2023 07:58

Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”

Knowing the common scams is an important step in using the platform safely. The following recommendations help players not fall into scams.

October 31, 2023 07:00

Arid Viper disguising mobile spyware as updates for non-malicious Android applications

Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.

October 25, 2023 08:01

Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.

October 5, 2023 07:00

Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown

The threat actors behind the Qakbot malware have been conducting a campaign since early August 2023 in which they have been distributing Ransom Knight ransomware and the Remcos backdoor via phishing emails.

September 19, 2023 08:00

New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants

Cisco Talos has discovered a new intrusion set we're calling "ShroudedSnooper" consisting of two new implants "HTTPSnoop" and "PipeSnoop" targeting telecommunications firms in the middle-east.

August 29, 2023 08:00

What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS

Confusion over whether some name is a public DNS name or another private resource can cause sensitive data to fall into the hands of unintended recipients.