Melissa Frydrych – WindowsTechs.com

BlotchyQuasar: X-Force Hive0129 targeting financial intuitions in LATAM with a custom banking trojan

Posted on July 14, 2023 by Melissa Frydrych

In late April through May 2023, IBM Security X-Force found several phishing emails leading to packed executable files delivering malware we have named BlotchyQuasar, likely developed by a group X-Force tracks as Hive0129. BlotchyQuasar is hardcoded to collect credentials from multiple Latin American-based banking applications and websites used within public and private environments. Similar operations […]

The post BlotchyQuasar: X-Force Hive0129 targeting financial intuitions in LATAM with a custom banking trojan appeared first on Security Intelligence.

Continue reading BlotchyQuasar: X-Force Hive0129 targeting financial intuitions in LATAM with a custom banking trojan→

Hive0117 Continues Fileless Malware Delivery in Eastern Europe

Posted on April 26, 2022 by Melissa Frydrych

Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman. The campaign masquerades as official communications from the Russian Government’s Federal Bailiffs Service, the Russian-language emails […]

The post Hive0117 Continues Fileless Malware Delivery in Eastern Europe appeared first on Security Intelligence.

Continue reading Hive0117 Continues Fileless Malware Delivery in Eastern Europe→

Nation State Threat Group Targets Airline with Aclip Backdoor

Posted on December 15, 2021 by Melissa Frydrych

In March 2021, IBM Security X-Force observed an attack on an Asian airline that we assess was likely compromised by a state-sponsored adversary using a new backdoor that utilizes Slack. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application likely to obfuscate operational communications, allowing malicious traffic, or traffic with underlying […]

The post Nation State Threat Group Targets Airline with Aclip Backdoor appeared first on Security Intelligence.

Continue reading Nation State Threat Group Targets Airline with Aclip Backdoor→

RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation

Posted on July 12, 2021 by Melissa Frydrych

In a recent collaboration to investigate a rise in malware infections featuring a commercial remote access trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in the first quarter of 2021. With over 1,300 malware samples collected, the teams analyzed the delivery of […]

The post RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation appeared first on Security Intelligence.

Continue reading RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation→

An Update: The COVID-19 Vaccine’s Global Cold Chain Continues to Be a Target

Posted on April 14, 2021 by Melissa Frydrych

In December 2020, IBM Security X-Force released a research blog disclosing that the COVID-19 cold chain — an integral part of delivering and storing COVID-19 vaccines at safe temperatures — was targeted by cyber adversaries. After that first report, we recently discovered an additional 50 files tied to spear-phishing emails that targeted 44 companies in […]

The post An Update: The COVID-19 Vaccine’s Global Cold Chain Continues to Be a Target appeared first on Security Intelligence.

Continue reading An Update: The COVID-19 Vaccine’s Global Cold Chain Continues to Be a Target→

SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT

Posted on April 27, 2020 by Melissa Frydrych

As the ongoing COVID-19 pandemic impacts small businesses in the U.S., cybercriminals are trusting that people will be more likely to open unsolicited emails purporting to come from relevant entities.

The post SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT appeared first on Security Intelligence.

Continue reading SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT→

TA505 Continues to Infect Networks With SDBbot RAT

Posted on April 14, 2020 by Melissa Frydrych

IBM X-Force IRIS recently identified attacks likely linked to Hive0065, also known as TA505, which spread the SDBbot remote-access Trojan (RAT) alongside other custom malware.

The post TA505 Continues to Infect Networks With SDBbot RAT appeared first on Security Intelligence.

Continue reading TA505 Continues to Infect Networks With SDBbot RAT→

EnigmaSpark: Politically Themed Cyber Activity Highlights Regional Opposition to Middle East Peace Plan

Posted on March 18, 2020 by Melissa Frydrych

In recent analysis of malicious activity likely targeting entities based in the Middle East, IBM X-Force IRIS discovered a backdoor malware strain we named “EnigmaSpark.”

The post EnigmaSpark: Politically Themed Cyber Activity Highlights Regional Opposition to Middle East Peace Plan appeared first on Security Intelligence.

Continue reading EnigmaSpark: Politically Themed Cyber Activity Highlights Regional Opposition to Middle East Peace Plan→