In the second half of April, we noticed a growing wave of cyber attacks.


For more articles, check out our #onpatrol4malware blog.

Investigating a unique “form” of email delivery for IcedID malware

Source: Microsoft

Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. Read more.

BazarLoader deploys a pair of novel spam vectors

Source: SophosNews

Several waves of a spam-driven malware campaign that began in January leveraged the name recognition of remote-work collaboration tools like Slack and BaseCamp in links to malware. Read more.

Lazarus BTC Changer

Source: Group IB

In the last five years, JavaScript sniffers have grown into one of the most dangerous threats for e-commerce businesses. The simple nature of such attacks combined with the use of malicious JavaScript. Read more.

Hackers Flood the Web with 100,000 Malicious Pages, Promising Professionals Free Business Forms, But Delivering Malware

Source: eSentire

eSentire, a leading cybersecurity solutions provider, reported today that business professionals are currently being lured to hacker-controlled websites, hosted on Google Sites, and inadvertently installing a known, emerging Remote Access Trojan (RAT). Read more.

Ransom mafia. Analysis of the world’s first ransomware cartel.

Source: Analyst1

In February 2021, a multinational law enforcement task-force arrested several Ukrainian men for supporting a long-standing ransomware gang known as Twisted Spider. The gang, first seen in May 2019, is behind high-dollar enterprise ransomware attacks. Read more.

Transparent Tribe APT Infrastructure Mapping

Source: Team Cymru

Transparent Tribe (APT36, Mythic Leopard, ProjectM, Operation C-Major) is the name given to a threat actor group largely targeting Indian entities and assets. Read more.

A Deep Dive into Zebrocy’s Dropper Docs

Source: SentinelLabs

Sofacy, better known as FancyBear or APT28, is an APT threat actor that’s been around since 2008 and rose to prominence with the election hacks of 2016. Read more.

Nearly half of malware now use TLS to conceal communications

Source: SophosNews

Transport Layer Security has been one of the greatest contributors to the privacy and security of Internet communications over the past decade. Read more.