Over the past two weeks we looked at AvosLocker, a relatively new ransomware-as-a-service. The Sophos Rapid Response team has so far seen AvosLocker attacks in the Americas, the Middle East, and Asia-Pacific, targeting both Windows and Linux systems. We also covered ESET's series on the dirty dozen of Latin American banking trojans, from Amavaldo to Zumanek.

For more articles, check out our #onpatrol4malware blog.

2022 Cybersecurity Predictions

Source: Outpost24

2021 was the year businesses continued to adapt to new working patterns and digital transformation while battling the growing threat of ransomware attacks. Here our panel of security experts shares their predictions for the key security challenges to look out for in 2022. Read more.

AvosLocker Ransomware Uses AnyDesk in Safe Mode to Launch Attacks, Sophos Reports

Source: SOPHOS

AvosLocker is a relatively new ransomware-as-a-service. The Sophos Rapid Response team has so far seen AvosLocker attacks in the Americas, Middle East, and Asia-Pacific, targeting Windows and Linux systems. Read more.
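The headline technique (rebooting a victim into Safe Mode with a remote-access tool such as AnyDesk still running) leaves a few host-level traces a responder can check for. The PowerShell audit below is an added example written for this post, not code from Sophos or from the AvosLocker report. It assumes the attacker sets Safe Mode boot through bcdedit, permits the remote-access tool's service under the SafeBoot\Network registry key so it survives the reboot, and stages follow-on commands in RunOnce; the registry paths and the list of tool names it matches on are assumptions for illustration, not details quoted from the report.

```powershell
# Added example: audit a Windows host for Safe Mode persistence indicators.
# Run from an elevated prompt; bcdedit needs administrator rights.
# Assumptions (not from the Sophos report): safeboot configured via bcdedit,
# a remote-access tool whitelisted under SafeBoot\Network, staging in RunOnce.

$findings = @()

# 1. Is the current boot entry configured to start in Safe Mode?
#    bcdedit prints a "safeboot  Minimal|Network" line only when it is set.
$bcd = bcdedit /enum "{current}" 2>$null
$safebootLines = $bcd -match '^\s*safeboot\s+'
if ($safebootLines) {
    $findings += "Boot entry {current} has safeboot set: " + ($safebootLines -join '; ')
}

# 2. Which services and drivers are allowed in Safe Mode with Networking?
#    Windows populates this key itself; extra entries are worth a look.
$safeBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network'
$allowed = Get-ChildItem -Path $safeBootKey -ErrorAction SilentlyContinue |
    ForEach-Object { $_.PSChildName }

# Tool-name pattern is an assumption for illustration; extend it to taste.
$remoteAccessPattern = 'anydesk|teamviewer|splashtop|screenconnect|connectwise|atera'
$suspicious = $allowed | Where-Object { $_ -match $remoteAccessPattern }
foreach ($name in $suspicious) {
    $findings += "Remote-access tool permitted in Safe Mode with Networking: $name"
}

# 3. Anything queued to run once after the next (Safe Mode) boot?
$runOnceKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$runOnce = Get-ItemProperty -Path $runOnceKey -ErrorAction SilentlyContinue
if ($runOnce) {
    $runOnce.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |   # skip PowerShell's own PS* metadata
        ForEach-Object { $findings += "RunOnce entry: $($_.Name) = $($_.Value)" }
}

if ($findings.Count -eq 0) {
    "No Safe Mode persistence indicators found."
} else {
    $findings
}
```

A clean host prints nothing under sections 1 and 3 and only built-in names under section 2, so any hit is a reason to pull the full SafeBoot hive and the event log around the last reboot rather than a verdict on its own. Clearing a malicious safeboot setting is `bcdedit /deletevalue "{current}" safeboot`, but do that only after the host is isolated and imaged.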

A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard

Source: Check Point 

Check Point published the story of “Jian” — an exploit used by Chinese threat actor APT31 which was “heavily inspired by” an almost-identical exploit used by the Equation Group, made publicly known by the Shadow Brokers leak. Read more.

The dirty dozen of Latin America: From Amavaldo to Zumanek

Source: welivesecurity

ESET started this blog post series dedicated to demystifying Latin American banking trojans in August 2019. Read more.

APT37 targets journalists with Chinotto multi-platform malware

Source: Bleeping Computer

North Korean state hacking group APT37 targets South Korean journalists, defectors, and human rights activists in watering-hole, spear-phishing, and smishing attacks that deliver malware dubbed Chinotto, which can infect both Windows and Android devices. Read more.

A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant

Source: impOrtp3

APT31 targets a wide range of organizations of interest to the Chinese government and has been named in several governmental attribution statements, including from Germany, France, Norway, and Australia. Read more.

RATDispenser, a new stealthy JavaScript loader used to distribute RATs

Source: Security Affairs

Researchers from the HP Threat Research team have discovered a new stealthy JavaScript loader dubbed RATDispenser that is being used to spread a variety of remote access trojans (RATs) in attacks in the wild. Read more.