New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants
Cisco Talos has discovered a new intrusion set we're calling "ShroudedSnooper" consisting of two new implants "HTTPSnoop" and "PipeSnoop" targeting telecommunications firms in the middle-east.
What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS
Confusion over whether some name is a public DNS name or another private resource can cause sensitive data to fall into the hands of unintended recipients.
Lazarus Group's infrastructure reuse leads to discovery of new malware
Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the post-compromise phase.
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.
New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware
Cisco Talos discovered an unknown threat actor, seemingly of Vietnamese origin, conducting a ransomware operation that began at least as early as June 4, 2023 with customized Yashma ransomware.
Malicious campaigns target government, military and civilian entities in Ukraine, Poland
Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access.
".Zip" top-level domains draw potential for information leaks
As a result of user applications increasingly registering actual “.zip” files as URLs, these filenames may trigger unintended DNS queries or web requests, thereby revealing possibly sensitive or internal company data in a file’s name to any actor monitoring the associated DNS server
New Horabot campaign targets the Americas
Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).