In the first half of March, we observed a new series of Microsoft-themed phishing attacks. With ransomware becoming the most significant cybersecurity threat faced by organizations, we also found a distinct shift in the cyber threat landscape.
For more articles, check out our #onpatrol4malware blog.
Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict
We believe with high confidence that these surveillance tools are used by the advanced persistent threat group (APT) Confucius, which first appeared in 2013 as a state-sponsored.
Cyber Threats 2020: A Year in Retrospect
2020 saw a distinct shift in the cyber threat landscape, with ransomware becoming the most significant cybersecurity threat faced by organizations, irrespective of industry sector or location.
Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East
Trend Micro researchers recently detected activity targeting various organizations in the Middle East and neighboring regions. We were tipped off to this activity in part by research from Anomali, which also identified a campaign targeting similar victims.
SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group
In late 2020, Secureworks® Counter Threat Unit™ (CTU) researchers observed a threat actor exploiting an internet-facing SolarWinds server to deploy the SUPERNOVA web shell.
Microsoft-Themed Phishing Attack Targets Executives Using Fake Google reCAPTCHA Technique
ThreatLabZ, the Zscaler threat research team, recently observed a new series of Microsoft-themed phishing attacks aimed at senior-level employees at multiple organizations. The Zscaler cloud has blocked over 2,500 of these phishing.
FIN8 Returns with Improved BADHATCH Toolkit
In January 2016, a new financially motivated threat actor group made its debut. Dubbed FIN8, this group is known to have used a diverse array of techniques, from spear-phishing to zero-day exploits in Windows.
ObliqueRAT returns with new campaign using hijacked websites
Cisco Talos recently discovered another new campaign distributing the malicious remote access trojan (RAT) ObliqueRAT. In the past, Talos connected ObliqueRAT and another campaign from December 2019 distributing CrimsonRAT.
Threat Actors Target Victims by Promising COVID-19 Relief, Vaccines, and Variant News
As COVID-19 vaccinations accelerate and the U.S. coronavirus relief package nears enactment, threat actors continue to use the ongoing crisis to exploit fears.