Welcome to our weekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our weekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

Vulkan Unveiled: the Explosive Collaboration in Russian Cyber Warfare

We have learned that Vulkan plays a central role in Moscow’s cyber warfare endeavours, this partnership pre-dating the Russian invasion of Ukraine. Read more.

Clop Leaks: First Wave of Victims Named

Clop listed 11 additional organizations since our last update on June 16, 2023. In addition, they also leaked data allegedly belonging to one of the newly named organizations. Read more.

VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors

In late 2022, Mandiant published details surrounding a novel malware system deployed by UNC3886, a Chinese cyber espionage group, which impacted VMware ESXi hosts, vCenter servers, and Windows virtual machines (VMs). Read more.

Cadet Blizzard emerges as a novel and distinct Russian threat actor

Source: Microsoft

Today, Microsoft Threat Intelligence is sharing updated details about techniques of a threat actor formerly tracked as DEV-0586—a distinct Russian state-sponsored threat actor that has now been elevated to the name Cadet Blizzard. Read more.

Generative AI Enables Threat Actors to Create More (and More Sophisticated) Email Attacks

Source: Abnormal

Platforms including ChatGPT can be used to generate realistic and convincing phishing emails and dangerous malware, while tools like DeepFaceLab can create sophisticated deepfake content including manipulated video and audio recordings. And this is likely only the beginning. Read more.

Cloud Mining Scam Distributes Roamer Banking Trojan

Source: CYBLE

Recently, Cyble Research & Intelligence Labs (CRIL) identified a cloud mining scam involving a Threat Actor (TA) operating a fraudulent website and distributing Android malware to unsuspecting victims through various phishing sites. Read more.

Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames

Source: Orca Security

In this blog post, we will describe two dangerous vulnerabilities that we found in Azure services—Azure Bastion and Azure Container Registry—that allow Cross-Site Scripting (XSS) by exploiting a weakness in the postMessage iframe. Read more.

Behind the Scenes: Unveiling the Hidden Workings of Earth Preta

This blog entry discusses the more technical details of the most recent tools, techniques, and procedures (TTPs) leveraged by the Earth Preta APT group, and tackles how we were able to correlate different indicators connected to this threat actor. Read more.

ChamelGang and ChamelDoH: A DNS-over-HTTPS implant

Source: Stairwell

An overview of the tools recently identified by Stairwell’s Threat Research has revealed that this group has also devoted considerable time and effort to researching and developing an equally robust toolset for Linux intrusions. One such example is ChamelDoH, a C++ implant designed to communicate via DNS-over-HTTPS (DoH) tunneling. Read more.

Honeypot Recon: Global Database Threat Landscape

Source: Trustwave

As more and more global businesses and organizations rely on DBMS systems to store large volumes of sensitive information, the risk of targeted attacks and data breaches continues to increase. Read more.

Analyzing the FUD Malware Obfuscation Engine BatCloak

We look into the BatCloak engine, its modular integration into modern malware, its proliferation mechanisms, and the interoperability implications as malicious actors take advantage of its fully undetectable (FUD) capabilities. Read more.

Threat Actor Targets Russian Gaming Community With WannaCry-Imitator

Source: CYBLE

Recently, CRIL uncovered a phishing campaign targeting Russian-speaking gamers intending to distribute ransomware. The TAs behind these malicious campaigns have employed phishing pages designed to closely resemble the legitimate Enlisted Game website. Read more.

Open-Source RATs Leveraged By APT Groups

Source: SOCRadar

In these attacks, it is sometimes observed that APT groups use open-source Remote Access Trojan (RAT) software. This research paper discusses in detail why APT groups also utilize open-source RATs, along with the characteristics and detection of these RATs. Read more.

Deep dive into the Pikabot cyber threat

Pikabot is a recently discovered malware trojan and, with the June update to Sophos NDR, we have added an additional machine learning model to detect the encrypted traffic pattern of suspected Pikabot communication. Read more.