Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT
By Vanja Svajcer. News summary * Group TA505 has been active for at least seven years, making wide-ranging connections with other threat actors involved in ransomware, stealing credit card numbers and exfiltrating data. One of the common tools in TA505's arsenal is ServH
Talos Incident Response quarterly threat report — The top malware families and TTPs used in Q2 2021
By David Liebenberg and Caitlin Huey. Last quarter, ransomware was not the most dominant threat for the first time since we began compiling these reports. We theorized that this was due to a huge uptick in Microsoft Exchange exploitation, which temporarily became a primary focus
Threat Roundup for July 30 to August 6
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 30 and Aug. 6. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Threat Roundup for July 23 to July 30
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 23 and July 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Spotlight: Solarmarker
By Andrew Windsor, with contributions from Chris Neal. Executive summary * Cisco Talos has observed new activity from Solarmarker, a highly modular .NET-based information stealer and keylogger. * A previous staging module, "d.m," used with this malware has been rep
Threat Roundup for July 16 to July 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 16 and July 23. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting k
Threat Roundup for July 9 to July 16
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 9 and July 16. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting ke
Threat Roundup for July 2 to July 9
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 2 and July 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key
InSideCopy: How this APT continues to evolve its arsenal
By Asheer Malhotra and Justin Thattil. * Cisco Talos is tracking an increase in SideCopy's activities targeting government personnel in India using themes and tactics similar to APT36 (aka Mythic Leopard and Transparent Tribe). * SideCopy is an APT group that mimics the Si