Over the last two weeks, Cisco Talos reported a new remote access trojan (RAT) called MagicRAT, developed and operated by the Lazarus APT group. Also read about Shikitega, a new stealthy malware targeting Linux.
For more articles, check out our #onpatrol4malware blog.
Raspberry Robin and Dridex: Two Birds of a Feather
Source: Security Intelligence
IBM Security Managed Detection and Response (MDR) observations, coupled with IBM Security X-Force malware research, shed additional light on the mysterious objectives of the operators behind the Raspberry Robin worm. Read more.
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor
Snake Keylogger has slithered its way back into the threat landscape this week in a new malspam campaign that appears to be targeting IT decision makers within organizations. Read more.
Worok: The big picture
Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including one that steganographically extracts PowerShell payloads from PNG files. Read more.
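To make the PNG steganography technique concrete, the following is an added example (not code from the Worok report or from the actors' own tooling). It assumes the simplest possible scheme: a length-prefixed payload written into the least-significant bit of every RGB sample, with a hand-rolled PNG writer and parser so it runs with only the Python standard library. The cover image, the payload string and the helper names (`hide_in_png`, `recover_from_png`, `lsb_ones_ratio`) are all constructed for this illustration. The last function shows why a flat, synthetic cover makes LSB embedding easy to spot (its LSB plane goes from all zeros to roughly half ones); a real photograph already has noisy LSBs, so that check alone is not a detection.

```python
"""Round-trip demo: hide a PowerShell one-liner in a PNG's LSB plane and recover it.
Generic LSB scheme for illustration only; not Worok's actual loader."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, body: bytes) -> bytes:
    # PNG chunk: 4-byte length, 4-byte type, data, CRC32 over type + data.
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_png(width: int, height: int, rgb: bytes) -> bytes:
    """Encode raw 8-bit RGB bytes as a PNG, using filter type 0 on every row."""
    assert len(rgb) == width * height * 3
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    row_len = width * 3
    raw = b"".join(b"\x00" + rgb[i:i + row_len] for i in range(0, len(rgb), row_len))
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def parse_png(data: bytes):
    """Return (width, height, rgb bytes). Supports only 8-bit RGB with filter type 0."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, width, height, idat = 8, None, None, []
    while pos < len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        if ctype == b"IHDR":
            width, height, depth, color_type = struct.unpack(">IIBB", body[:10])
            if (depth, color_type) != (8, 2):
                raise ValueError("only 8-bit RGB is supported")
        elif ctype == b"IDAT":
            idat.append(body)
        elif ctype == b"IEND":
            break
        pos += 12 + length
    raw = zlib.decompress(b"".join(idat))
    stride = width * 3 + 1  # one filter byte per row, then the samples
    rows = []
    for r in range(height):
        row = raw[r * stride:(r + 1) * stride]
        if row[0] != 0:
            raise ValueError("unsupported PNG filter type")
        rows.append(row[1:])
    return width, height, b"".join(rows)


def _bits(data: bytes):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb(rgb: bytes, payload: bytes) -> bytes:
    """Write a 4-byte big-endian length, then the payload, one bit per sample LSB."""
    msg = struct.pack(">I", len(payload)) + payload
    if len(msg) * 8 > len(rgb):
        raise ValueError("cover image too small for payload")
    out = bytearray(rgb)
    for i, bit in enumerate(_bits(msg)):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_lsb(rgb: bytes) -> bytes:
    """Inverse of embed_lsb: read the length field, then that many payload bytes."""
    def read(n_bytes: int, offset: int) -> bytes:
        val = bytearray()
        for b in range(n_bytes):
            byte = 0
            for k in range(8):
                byte = (byte << 1) | (rgb[offset + b * 8 + k] & 1)
            val.append(byte)
        return bytes(val)
    (length,) = struct.unpack(">I", read(4, 0))
    if length * 8 > len(rgb) - 32:
        raise ValueError("length field exceeds image capacity")
    return read(length, 32)


def hide_in_png(cover_png: bytes, payload: bytes) -> bytes:
    w, h, rgb = parse_png(cover_png)
    return make_png(w, h, embed_lsb(rgb, payload))


def recover_from_png(stego_png: bytes) -> bytes:
    return extract_lsb(parse_png(stego_png)[2])


def lsb_ones_ratio(rgb: bytes, n_samples: int) -> float:
    """Fraction of set LSBs in the first n_samples; a crude hint, not a detector."""
    return sum(b & 1 for b in rgb[:n_samples]) / n_samples


# Constructed demo data: a flat 64x64 cover and a harmless one-liner standing in for a payload.
COVER = make_png(64, 64, bytes([0x80, 0x90, 0xA0]) * (64 * 64))
PAYLOAD = b"Write-Host 'constructed sample payload'"

if __name__ == "__main__":
    stego = hide_in_png(COVER, PAYLOAD)
    print(recover_from_png(stego).decode())
    print("LSB ones ratio, cover vs stego:",
          lsb_ones_ratio(parse_png(COVER)[2], 336), lsb_ones_ratio(parse_png(stego)[2], 336))
```

Real loaders differ in where they keep the length, which channels or bit planes they use, and whether the payload is encrypted before embedding; the recovery code has to mirror those choices exactly, which is why analysts usually recover the scheme from the loader binary rather than from the image.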
BianLian Ransomware Gang Gives It a Go!
Earlier this year, [redacted] encountered a relatively new ransomware threat actor calling itself BianLian. The actor deploys custom malware written in the Go programming language. Read more.
MagicRAT: Lazarus’ latest gateway into victim networks
Cisco Talos has discovered a new remote access trojan (RAT) we’re calling “MagicRAT,” developed and operated by the Lazarus APT group, which the U.S. government believes is a North Korean state-sponsored actor. Read more.
APT42: Crooked Charms, Cons, and Compromises
A report detailing APT42, an Iranian state-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian government. Read more.
Shikitega – New stealthy malware targeting Linux
Source: AT&T Cybersecurity
Shikitega is delivered in a multistage infection chain in which each module is responsible for one part of the payload and downloads and executes the next. An attacker can gain full control of the system, in addition to the cryptocurrency miner that is executed and set to persist. Read more.
Russian Sandworm APT impersonates Ukrainian telcos to deliver malware
Source: Security Affairs
Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Read more.