
Over the past two weeks, we saw that the operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal) has been active since 2020; until now, it had only been observed targeting Windows systems. Also, Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRAT targeting users’ information.

For more articles, check out our #onpatrol4malware blog.

NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies

Source: SEKOIA.IO

NOBELIUM is another name for the APT29 intrusion set¹, operated by a threat actor allegedly linked to the SVR (the Foreign Intelligence Service of the Russian Federation)². Read more.

DNS Over HTTPS: 3 Strategies for Enterprise Security Monitoring

Source: Carnegie Mellon University

DoH is a protocol for performing DNS transactions over an encrypted HTTPS channel. In this post, Sean Hutchison discusses DNS over HTTPS and provides enterprise defenders with three strategies for security monitoring. Read more.

Experts warn of attacks using a new Linux variant of SFile ransomware

Source: Security Affairs

The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal) has been active since 2020; until now, it had only been observed targeting Windows systems. Read more.

Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure

Source: CISCO

Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRAT targeting users’ information. Read more.

Exploiting URL Parsing Confusion

Source: Claroty

Claroty’s Team82, in collaboration with Snyk’s research team, conducted an extensive research project examining URL parsing primitives and discovered major differences in the way many parsing libraries and tools handle URLs. Read more.

New SysJoker Backdoor Targets Windows, Linux, and macOS

Source: Intezer

Malware targeting multiple operating systems is no longer an exception in the threat landscape. Vermilion Strike, documented just last September, is one of the most recent examples. Read more.

Patchwork APT caught in its own web

Source: Malwarebytes Labs

Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear-phishing attacks. Read more.