Category: Cyber Threat Intelligence
-
UNC3944 Exploits Azure Serial Console for Complete VM Takeover
A threat group known as UNC3944 (also known as Roasted 0ktapus and Scattered Spider) has been observed hijacking Microsoft Azure admin accounts through phishing and SIM-swapping attacks. The financially motivated group bypasses traditional detection methods within Azure and gains full administrative access to compromised virtual machines (VMs) within victim organizations using Microsoft’s cloud computing service.… Read more
-
Babuk Ransomware-as-a-Service (RaaS) Gaining Popularity
In early 2021, the Babuk ransomware operation emerged, targeting businesses through double-extortion attacks. Multiple large enterprises were attacked, with one victim having to pay $85,000 after negotiations. However, the group faced a setback when their ransomware source code and various encryptors and decryptors were leaked on a Russian-speaking hacking forum in September 2021. Their activities… Read more
-
New “Greatness” Phishing-as-a-Service Tool Already Active in Phishing Campaigns
A new phishing tool called “Greatness” has been discovered and deployed in various phishing campaigns since mid-2022. Security researchers identified several features commonly found in advanced phishing-as-a-service (PaaS) offerings like multi-factor authentication (MFA) bypass, IP filtering, and integration with Telegram bots. Greatness specifically targets victims through Microsoft 365 phishing pages and provides affiliates with an… Read more
-
Sophisticated Techniques Implemented by ViperSoftX InfoStealer to Evade Detection
A widespread cryptocurrency- and information-stealing malware called ViperSoftX has affected numerous victims across consumer and enterprise sectors throughout Australia, Japan, the U.S., and India. ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) that allows remote access and control over infected machines. This evasive malware has recently adopted advanced encryption and anti-analysis techniques to avoid detection.… Read more
-
Akira Ransomware: Targeted Attacks, Data Breaches, and Million-Dollar Ransoms
A new ransomware strain named Akira has emerged, causing significant disruption to corporate networks worldwide. It targets industries such as finance, real estate, and manufacturing. Akira has quickly gained notoriety since its launch in March 2023. Upon execution, Akira deletes Windows Shadow Volume Copies, making file restoration challenging. It selectively encrypts files using various extensions,… Read more
-
San Bernardino County Pays Over $1M in Ransomware Attack
According to the San Bernardino Sun, San Bernardino County in California paid a ransom of $1.1 million to a hacker who had compromised the computer system of the county’s sheriff department. However, the county’s financial losses were partially mitigated by an insurance policy specifically designed to cover events of this nature, resulting in a payout… Read more
-
Enterprise Networks Under Attack by New Malware Toolkit ‘Decoy Dog’.
Cybersecurity researchers have discovered a new malware toolkit named Decoy Dog after analyzing over 70 billion DNS records. Decoy Dog is a sophisticated toolkit that uses techniques like domain aging, when a domain is registered but not used for some time, and DNS query dribbling to evade detection. While the malware’s usage in the wild… Read more
-
BellaCiao Malware linked to APT Charming Kitten
DefendEdge Cyber Threat IntelligenceMichael Spoloric, Analyst The discovery of the BellaCiao malware has once again highlighted the persistent threat posed by state-sponsored hacking groups. Charming Kitten, the group believed to be behind the malware, has a history of targeting organizations and individuals in various regions of the world, including the United States, Europe, the Middle… Read more