Collaborate Disseminate
North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo … Continue reading North Korean hackers pave the way for Play ransomware
On Wednesday, a threat actor named “InteIBroker” put up for sale “access to one of the largest cyber security companies” and immediately ignited speculation about which company it might be. InteIBroker claims to have access to &… Continue reading Zscaler swats claims of a significant breach
New (down)loader malware called Latrodectus is being leveraged by initial access brokers and it looks like it might have been written by the same developers who created the IcedID loader. Malware delivery campaigns “[Latrodectus] was first observ… Continue reading New Latrodectus loader steps in for Qbot
A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal employees’ NTLM hashes. Why are they after NTLM hashes? NT LAN Manager (NTLM… Continue reading Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes
A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams. “For this activity, Storm-0324 most likely relies on a publicly available tool called TeamsPhisher,R… Continue reading Microsoft Teams phishing: Enterprises targeted by ransomware access broker
Tricking users at targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a familiar pattern employed by financially motivated attackers. No organization is spared, not even agencies of the US federa… Continue reading Attackers use portable executables of remote management software to great effect
The Ukrainian CERT (CERT-UA) has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. To do that, they are leveraging a specific version of the Somnia ransomware that, “according to … Continue reading Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands
U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. #Yanluowang #ransomware is claiming to have breached #Cisco ! Without any further info… Continue reading Cisco has been hacked by a ransomware gang
A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered by Rapid 7 researcher Jake Baines and disclosed to Zyxel on April 13, it was f… Continue reading Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)
Automation might be the way to go for many things, but a recently published report by Google’s Threat Analysis Group (TAG) shows why targeted phishing campaigns performed by human operators are often successful, and how the Conti ransomware gang … Continue reading The TTPs of Conti’s initial access broker