IT threat evolution Q3 2023

Attacks on a critical infrastructure target in South Africa, supply-chain attack on Linux machines, Telegram doppelganger used to target people in China.

ToddyCat: Keep calm and check logs

In this article, we’ll describe ToddyCat’s new toolset, the malware used to steal and exfiltrate data, and the techniques this group uses to move laterally and conduct espionage operations.

South African Power Supplier Hit by DroxiDat Malware

By Deeba Ahmed
Cybersecurity researchers at Securelist have discovered a cyberattack against a power-generating firm in South Africa. Reportedly, the firm…
This is a post from HackRead.com.

Defining the Cobalt Strike Reflective Loader

The Challenge with Using Cobalt Strike for Advanced Red Team Exercises

While next-generation AI and machine-learning components of security solutions continue to enhance behavior-based detection capabilities, at their core many still rely on signature-based detections. Cobalt Strike being a popular red team Command and Control (C2) framework used by both threat actors and red teams […]

The post Defining the Cobalt Strike Reflective Loader appeared first on Security Intelligence.


Detecting Cobalt Strike and Hancitor traffic in PCAP

This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. I bet you’re going: 😱 OMG he’s analyzing Windows malware on a Windows PC!!! Relax, I know what I’m doing. I have al…

A new ransomware gang is aiming at big Russian targets, researchers say

Medical labs, banks, manufacturers and software developers in Russia are the prime targets for a new ransomware gang that began operating with custom tools as early as March of this year, according to researchers at the security vendor Group-IB. The attackers insert their hacking tools into networks via malware downloaded through spearphishing emails, then encrypt files and hold them for a ransom of about $50,000, Group-IB says. The group, dubbed OldGremlin, has only targeted Russian companies so far, Group-IB says. It’s rare for a Russian-speaking ransomware group to aim at targets inside Russia, but there are precedents, according to Group-IB senior digital forensics analyst Oleg Skulkin, who identified the hacking groups Silence and Cobalt as previous perpetrators. “What distinguishes OldGremlin from other Russian-speaking threat actors is their fearlessness to work in Russia,” Skulkin said. “This indicates that the attackers are either fine-tuning their techniques benefiting from home advantage before going global … or […]

The post A new ransomware gang is aiming at big Russian targets, researchers say appeared first on CyberScoop.


Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says

Hackers connected to a Chinese intelligence agency have infiltrated U.S. government and private-sector entities in recent months by exploiting a series of common vulnerabilities, the FBI and the Department of Homeland Security’s cybersecurity agency announced Monday. Attackers tied to China’s civilian intelligence and counterintelligence service, the Ministry of State Security (MSS), have been using phishing emails with malicious links to infiltrate victim organizations, according to the alert. By including malicious software in those messages, hackers are exploiting software flaws in commercial technologies and open-source tools, including services with known fixes. F5 Networks’ BIG-IP Traffic Management User Interface, Citrix VPN appliances, Pulse Secure VPN appliances, and Microsoft Exchange Server are among those affected, says the report from the FBI and DHS’ Cybersecurity and Infrastructure Security Agency (CISA). All of these tools are open source and commercially available, making potentially high-value espionage targets in the U.S. government relatively easy and low-cost for state-sponsored hackers […]

The post Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says appeared first on CyberScoop.


Financial hacking teams FIN7, Cobalt Group update tactics to haunt banks and retail

It’s starting to look like the global private sector might have a real problem on its hands. Despite international media attention and a series of high-profile arrests, some of the world’s most prolific cybercriminals only seem to be accelerating their hacking sprees. Financially motivated hacking groups including FIN7, Cobalt Group and the Contact Crew remain active, staying busy well into this year, according to Accenture Security’s 2019 Threatscape report. The cybercrime syndicates, which have haunted financial and retail companies since at least 2016, have spent the first half of 2019 updating their malicious software tools and expanding their reach. The findings are more bad news for international companies, which last year saw cyberattacks rank among the biggest risks for companies worldwide, according to the World Economic Forum. Now, if Accenture’s 102-page report is any indication, the world’s most capable hackers are only fine-tuning their techniques to carry out targeted intrusions. This comes […]

The post Financial hacking teams FIN7, Cobalt Group update tactics to haunt banks and retail appeared first on CyberScoop.
