DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos

Following the discovery of Hafnium attacks targeting Microsoft Exchange vulnerabilities, the Cybereason Nocturnus and Incident Response teams proactively hunted for various threat actors trying to leverage similar techniques in the wild. In the…

Cybereason vs. Prometheus Ransomware

Prometheus is a relatively new variant of the Thanos ransomware that is operated independently by the Prometheus group, and was first observed in February of 2021. In just a short period of time, Prometheus caused a lot of damage, and breached over 40 …

Report: Ransomware Attacks and the True Cost to Business

Ransomware attacks have continued to make headlines, and for good reason: on average, there is a new ransomware attack every 11 seconds, and the losses to organizations from ransomware attacks are projected to reach $20 billion over the course of 2…

PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector

The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become a part of the arsenal of several Chinese-related threat actors…

Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities

Recently, the Cybereason Nocturnus Team responded to several incident response (IR) cases involving infections of the Prometei Botnet against companies in North America, observing that the attackers exploited recently published Microsoft Exchange …
