Following the LNK metadata trail
January 19, 2023 08:01
While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.

HTML smugglers turn to SVG images
December 13, 2022 15:12
* HTML smuggling is a technique attackers use to hide an encoded malicious script within an HTML email attachment or webpage.
* Once a victim receives the email and opens the attachment, their browser decodes and runs the script, which then assembles a malicious payload directly on the victim's device.
* Talos

What Talos Incident Response learned from a recent Qakbot attack hijacking old email threads
July 27, 2022 08:07
By Nate Pors and Terryn Valikodath.
Executive summary
* In a recent malspam campaign delivering the Qakbot banking trojan, Cisco Talos Incident Response (CTIR) observed the adversary using aggregated, old email threads from multiple organizations that we assess were likely harvested during the 2021 ProxyLogon-related compromises targeting vulnerable Microsoft Exchange servers.