Over the past two weeks, we saw the operators of the SFile ransomware (aka Escal) develop a Linux version of their malware to expand their operations. SFile ransomware (aka Escal) has been active since 2020 and had previously been observed targeting only Windows systems. Also, Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting users’ information.
For more articles, check out our #onpatrol4malware blog.
NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
NOBELIUM is another name for the APT29 intrusion set¹, operated by a threat actor allegedly linked to the SVR (the Foreign Intelligence Service of the Russian Federation)². Read more.
DNS Over HTTPS: 3 Strategies for Enterprise Security Monitoring
Source: Carnegie Mellon University
DoH is a protocol for performing DNS transactions via an encrypted HTTPS channel. In this post, Sean Hutchison discusses DNS over HTTPS and provides enterprise defenders with three strategies for security monitoring. Read more.
Experts warn of attacks using a new Linux variant of SFile ransomware
Source: Security Affairs
The operators of the SFile ransomware (aka Escal) have developed a Linux version of their malware to expand their operations. SFile ransomware (aka Escal) has been active since 2020 and had previously been observed targeting only Windows systems. Read more.
Nanocore, Netwire and AsyncRAT spreading campaign uses public cloud infrastructure
Cisco Talos discovered a malicious campaign in October 2021 delivering variants of Nanocore, Netwire and AsyncRATs targeting users’ information. Read more.
Exploiting URL Parsing Confusion
Claroty’s Team82, in collaboration with Snyk’s research team, has conducted an extensive research project examining URL parsing primitives, and discovered major differences in the way many different parsing libraries and tools handle URLs. Read more.
New SysJoker Backdoor Targets Windows, Linux, and macOS
Malware targeting multiple operating systems has become common in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the most recent examples. Read more.
Patchwork APT caught in its own web
Source: Malwarebytes Labs
Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear-phishing attacks. Read more.