Over the last two weeks we saw the new Prestige ransomware, which impacts organizations in Ukraine and Poland. Cisco Talos also discovered a new attack framework that includes a command and control (C2) tool called Alchimist and a new malware family, Insekt, with remote administration capabilities.

For more articles, check out our #onpatrol4malware blog.

HTML File Attachments: Still A Threat

Source: Trustwave

This past month, Trustwave SpiderLabs observed that HTML (Hypertext Markup Language) file attachments had become a common occurrence in our spam traps, which is not unusual since malware is often delivered through phishing spam. Read more.
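Because HTML attachments are plain text, a mail gateway or triage script can inspect them before delivery. The following is an added example, not code from the Trustwave report: it parses a MIME message, picks out attachments that are HTML by extension or content type, and flags the patterns typically seen in HTML smuggling and credential-harvesting pages (inline script, `atob()`, Blob downloads, data: URIs, long base64 runs, password forms, double extensions). The indicator list and the sample messages are my own assumptions, constructed inline so the script runs offline.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

HTML_EXTS = (".html", ".htm", ".shtml", ".xhtml")

# Heuristic indicators for malicious HTML attachments (HTML smuggling or
# phishing forms). Assumed patterns, not a list taken from the Trustwave post.
INDICATORS = {
    "inline_script": re.compile(r"<script\b", re.I),
    "base64_decode": re.compile(r"\batob\s*\(", re.I),
    "blob_download": re.compile(
        r"\bnew\s+Blob\s*\(|\bURL\.createObjectURL\b|\bmsSaveOrOpenBlob\b", re.I),
    "data_uri": re.compile(r"data:[\w/+.-]+;base64,", re.I),
    "char_obfuscation": re.compile(r"String\.fromCharCode|\bunescape\s*\(", re.I),
    "password_form": re.compile(r"<input[^>]+type\s*=\s*['\"]?password", re.I),
    "large_b64_blob": re.compile(r"[A-Za-z0-9+/=]{400,}"),
}


def analyse_html_attachment(filename: str, data: bytes) -> list:
    """Return the names of every indicator that fires on one HTML attachment."""
    text = data.decode("utf-8", errors="replace")
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    if filename.count(".") > 1:          # e.g. invoice.pdf.html
        hits.append("double_extension")
    return hits


def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and score each HTML attachment it carries."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        ctype = part.get_content_type()
        if not (filename.lower().endswith(HTML_EXTS) or ctype == "text/html"):
            continue
        data = part.get_payload(decode=True) or b""
        findings.append({
            "filename": filename,
            "content_type": ctype,
            "size": len(data),
            "indicators": analyse_html_attachment(filename, data),
        })
    return findings


def is_suspicious(finding: dict) -> bool:
    """Assumed policy: two or more indicators on one attachment means quarantine."""
    return len(finding["indicators"]) >= 2


# --- constructed sample messages (not real captures) -----------------------
_FAKE_PAYLOAD = ("TVo" + "A" * 400 + "=")  # stands in for a base64-encoded binary
SMUGGLING_HTML = f"""<html><body>
<script>
var b = atob("{_FAKE_PAYLOAD}");
var arr = new Uint8Array(b.length);
for (var i = 0; i < b.length; i++) arr[i] = b.charCodeAt(i);
var blob = new Blob([arr], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob); a.download = "invoice.exe"; a.click();
</script></body></html>"""
BENIGN_HTML = "<html><body><p>Monthly newsletter, October.</p></body></html>"


def build_sample_eml(html: str, filename: str) -> bytes:
    """Build a multipart message with one HTML attachment (constructed sample)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(html, subtype="html", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for html, name in ((SMUGGLING_HTML, "invoice.pdf.html"),
                       (BENIGN_HTML, "newsletter.html")):
        for f in scan_message(build_sample_eml(html, name)):
            verdict = "QUARANTINE" if is_suspicious(f) else "allow"
            print(f"{f['filename']}: {verdict} {f['indicators']}")
```

The regexes are deliberately loose: a benign page can trip one of them (a login form, a single inline script), which is why the verdict needs several indicators together, and why in practice the hit list would feed a scoring rule or a sandbox detonation rather than a hard block on its own.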

BlackByte ransomware affiliate observed using new custom data exfiltration tool

Source: SC Media

At least one BlackByte ransomware affiliate has adopted a new custom exfiltration tool to quickly steal data from compromised devices, according to new research from Symantec Threat Hunter Team. Read more.

Ransom Cartel Ransomware: A Possible Connection With REvil

Source: Unit42

Ransom Cartel is ransomware as a service (RaaS) that surfaced in mid-December 2021. This ransomware performs double extortion attacks and exhibits several similarities and technical overlaps with REvil ransomware. Read more.

New Prestige ransomware impacts organizations in Ukraine and Poland

Source: Microsoft Security Threat Intelligence

The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland, utilizing a previously unidentified ransomware payload. Read more.

Banks face their ‘darkest hour’ as malware steps up, maker of antivirus says

Source: The Register

Crimeware targeting banks and other financial services organizations today features sophisticated capabilities and evasion tools, according to Kaspersky’s lead security researcher Sergey Lozhkin. Read more.

Spyder Loader: Malware Seen in Recent Campaign Targeting Organizations in Hong Kong

Source: Symantec

Symantec has observed a likely continuation of the previously documented Operation CuckooBees activity, this time targeting organizations in Hong Kong. Read more.

Black Basta Ransomware

Source: Check Point

As reported by Check Point at the end of H1 2022, 1 in 40 organizations worldwide was impacted by ransomware attacks, a worrying 59% increase over the previous year. Read more.

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

Source: Cisco Talos

Cisco Talos discovered a new attack framework including a command and control (C2) tool called “Alchimist” and a new malware “Insekt” with remote administration capabilities. Read more.