Collaborate Disseminate
Recent attacks targeting intellectual property (IP) and critical infrastructure are raising the security stakes for manufacturing organizations, as the industry records one of the highest attack rates of any sector since the onset of COVID-19. One in … Continue reading Cybercriminals Increasingly Target Manufacturing, IP
Intro:
The Morphisec Labs team has tracked a unique and ongoing RAT delivery campaign that started in February of this year. This campaign is unique in that it heavily uses the AutoHotKey scripting language—a fork of the AutoIt language that is f… Continue reading AHK RAT Loader Used in Unique Delivery Campaigns
Introduction
Morphisec has recently monitored a highly sophisticated Crypter-as-a-Service that delivers numerous RAT families onto target machines.
The Crypter is most commonly delivered through phishing emails, which lead to the download of a vi… Continue reading Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader
Introduction
The developers of the Phobos ransomware have added new fileless and evasive techniques to their arsenal. Constantly keeping their attack up to date helps them bypass detection technologies through several distinct approaches, the lat… Continue reading The “Fair” Upgrade Variant of Phobos Ransomware
Introduction
During 2021 Morphisec identified an increased usage of the “HCrypt” crypter. In this post, we will lockpick “HCrypt” – a crypter as a service that is marketed as a FUD (fully undetectable) loader for the client`s RAT of choice. We cho… Continue reading Tracking HCrypt: An Active Crypter as a Service
Introduction
The MineBridge RAT was first identified in January 2020 by security researchers at FireEye, who observed the backdoor attacking financial institutions in the United States with some targets located in South Korea as well. MineBridge … Continue reading MineBridge Is on the Rise, With a Sophisticated Delivery Mechanism
Introduction
Egregor is considered to be one of the most prolific ransomware threat groups. Yet it gained this reputation in a very short time due to its uncompromising double extortion methodology.
The post Egregor Ransomware Adopting New Techni… Continue reading Egregor Ransomware Adopting New Techniques
Introduction
In this post, we will be covering CinaRAT loader`s evasive TTPs (tactics, techniques, and procedures) as have been identified and prevented by Morphisec’s zero-trust endpoint security solution, powered by moving target defense technol… Continue reading CinaRAT Resurfaces With New Evasive Tactics and Techniques
Morphisec Labs has been tracking FIN7 (Carbanak Group) activity for the past several years. Morphisec’s ability to collect rich forensic data from memory has provided unique visibility into multiple FIN7 campaigns that our researchers were proud t… Continue reading The Evolution of the FIN7 JSSLoader
An Infostealer is a trojan that is designed to gather and exfiltrate private and sensitive information from a target system. There is a large variety of info stealers active in the wild, some are independent and some act as a modular part of a lar… Continue reading The introduction of the Jupyter InfoStealer/Backdoor