Threat Brief: OWASSRF Vulnerability Exploitation
We analyze the new exploit method for Microsoft Exchange Server, OWASSRF, noting that all exploit attempts we've observed use the same PowerShell backdoor, which we track as SilverArrow.

Threat Group Assessment: Mallox Ransomware
Mallox ransomware activity has increased in 2023. Our assessment of this gang and their recent behavior includes attack types and recruitment efforts.

NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts
The infostealer NodeStealer was observed in a phishing campaign targeting Facebook business pages. We analyze the two variants delivered and their capabilities.

Unit 42 Researchers Discover Multiple Espionage Operations Targeting...
We investigate espionage attacks on a Southeast Asian government. Initially considered a single actor, it was in fact three separate threat actor clusters. Each cluster displayed unique tools and...

Persistent Attempts at Cyberespionage Against Southeast Asian Government...
We analyze waves of attacks on a Southeast Asian government linked to Alloy Taurus. By exploiting Exchange servers, the attackers established a foothold for long-term espionage.

Cyberespionage Attacks Against Southeast Asian Government Linked to Stately...
APT Stately Taurus (aka Mustang Panda) conducted cyber espionage against a Southeast Asian government, including data exfiltration from compromised networks.

Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack...
Threat activity targeting a Southeast Asian government could provide insight into the workings of APT Gelsemium. We examine the rare TTPs we observed in two attacks.

Diving Into Glupteba's UEFI Bootkit
A 2023 Glupteba campaign includes an unreported feature — a UEFI bootkit. We analyze its complex architecture and how this botnet has evolved.