Blogs

Threat Research: Beat the Heat
Overview:
Highly Evasive Adaptive Threats, or HEAT attacks, are a new form of existing browser exploit techniques that leverage features and tools to bypass traditional security controls and then attack from within, compromising credentials or deploying ransomware. HEAT attacks go beyond traditional phishing methods and target web-based tools critical to productivity, frequently exploiting SaaS (Software as a Service) applications.

Tick, Tick, Tick…Boom: Chinese Tick APT Plays the Long Game
Summary
Chinese-linked Tick advanced persistent threat (APT) group, a.k.a. Bronze Butler, REDBALDKNIGHT, Stalker Panda, and Stalker Taurus, has been attributed to a long-lasting operation against an East Asian data loss prevention (DLP) software company. During this extensive intrusion, Tick deployed at least three different types of malware, including a previously unknown downloader.

Warning: AlienFox Stealing Cloud-Based Email Credentials
Summary
AlienFox, a new modular toolkit, is allowing threat actors to steal authentication secrets and credentials from cloud-based web hosting and email services through misconfigured servers. The threat actors claim that AlienFox can search for common misconfigured cloud endpoints in Laravel, Drupal, Joomla, Magento, Opencart, Prestashop, and WordPress frameworks.

DEV-0147 Expands Operations to South America with Naplistener
DEV-0147, a group believed to be state-sponsored by China, has been observed targeting diplomatic entities in South America using common espionage and exfiltration tools such as ShadowPad, which is frequently used by other Chinese threat actors. Microsoft reports that this new campaign represents an expansion of the group's data exfiltration operations, which have previously focused on targeting government agencies and think tanks in Asia and Europe.

Roadmap to Achieving the Full Potential of Your Investment in Microsoft Sentinel
Widely regarded as one of the most effective solutions in the security information and event management (SIEM) space, Microsoft Sentinel was named a Leader in the 2022 Gartner Magic Quadrant for SIEM and positioned highest on the “Ability to Execute” axis. Microsoft Sentinel is built to provide the most holistic threat monitoring and detection platform available to stop breaches.

Is your SIEM security solution no longer enough? The imperative of increasing your security posture and optimizing costs in 2023
Cyberattacks continue to evolve, and you should expect the same from your MDR provider.

HinataBot and the Evolution of IoT Malware
How the Mirai botnet creators used Golang to make it even more sophisticated and dangerous

Threat Research: Kimsuky APT Spear Phishing Campaigns
Summary
The North Korean advanced persistent threat (APT) actor Kimsuky (a.k.a. TA406, Thallium, and Velvet Chollima) is leveraging several spear phishing campaigns to conduct cyber-espionage against diplomats, journalists, government agencies, university professors, and politicians.

The Security Metrics that Matter and Why
According to CIO.com, 58% of organizations aren’t adequately measuring the effectiveness of their cybersecurity program. That number is even more shocking when you consider how the average global cost of a data breach reached $4.35 million in 2022.

YoroTrooper Threat Group Targets Commonwealth of Independent States Countries and Embassies
YoroTrooper is a newly discovered advanced persistent threat (APT) group that has been targeting government and energy organizations across Europe, with a particular focus on CIS countries and embassies. CIS stands for the Commonwealth of Independent States, which is a regional intergovernmental organization made up of former Soviet republics. The CIS was formed in 1991 after the collapse of the Soviet Union and currently consists of Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Turkmenistan, and Uzbekistan.

Threat Research: DarkCloud Malware
Introduction: What is DarkCloud?
DarkCloud is an information stealer malware that was first spotted by researchers in 2022. Such malware is designed to collect sensitive information from a victim’s computer or mobile device. The builders of DarkCloud state that threat actors will be able to tailor the payload of the stealer based on their needs. DarkCloud Stealer operates through a multi-stage process, with the final payload, written in Visual Basic, being loaded into memory during the last stage.

Threat Research: Clasiopa Threat Actor
In recent years, cyberattacks targeting research organizations have been on the rise. These attacks are often carried out by sophisticated threat actors seeking to gain access to valuable intellectual property, research findings, and other sensitive information. One such group that has recently been observed is Clasiopa, a previously unknown threat actor that has been targeting a materials research organization in Asia.