Crowdstrike

HijackLoader Expands Techniques to Improve Defense Evasion

The HijackLoader sample exhibits complex multi-stage behavior, including process hollowing, transacted section hollowing, and user mode hook bypass using Heaven’s Gate, to inject and execute the final payload while evading detection.

IMPERIAL KITTEN Deploys Novel Malware Families

Between early 2022 and 2023, CrowdStrike Intelligence observed IMPERIAL KITTEN conduct SWC operations with a focus on targeting organizations in the transportation, logistics, and technology sectors.

CrowdStrike’s Falcon Fund Invests in API Security Leader, Salt Security

In addition to the investment, Salt Security and CrowdStrike are partnering to bring together leading technology to apply API discovery and runtime protection on applications, and enable security testing to harden APIs before release.

Callback Phishing Campaigns Impersonate CrowdStrike, Other Cybersecurity Companies

The phishing email implies the recipient’s company has been breached and insists the victim call the included phone number. The campaign leverages similar social-engineering tactics to those employed in WIZARD SPIDER’s 2021 BazarCall campaign.

Mirai Malware for Linux Double Down on Stronger Chips

Popular for compromising internet-connected devices and conducting distributed denial of service (DDoS) attacks, Mirai malware variants have been known to compromise devices that run on Linux builds.

How eCriminals Monetize Ransomware

Cybercrime has evolved over the past several years from simple “spray and pray” attacks to a sophisticated criminal ecosystem centered around highly effective monetization techniques that enable adversaries to maximize success and profitability.

Compromised Docker Honeypots Used For Pro-Ukrainian DoS Attack

There may be a risk of retaliatory activity by threat actors supporting the Russian Federation against organizations whose compromised infrastructure is being leveraged to unwittingly conduct disruptive attacks against government, military, and civilian websites.

OverWatch Uncovers Ongoing NIGHT SPIDER Zloader Campaign

The initial installers were masquerading as legitimate installers, but the programs were also packaged with malicious scripts and payloads to perform automated reconnaissance and download the Zloader trojan, and in some cases, Cobalt Strike.

PROPHET SPIDER Exploits Citrix ShareFile Vulnerability to Deliver Webshell

At the start of 2022, CrowdStrike found PROPHET SPIDER exploiting CVE-2021-22941, a vulnerability impacting Citrix ShareFile Storage Zones Controller, to compromise a Microsoft IIS web server.

How to Decrypt the PartyTicket Ransomware Targeting Ukraine

Analysis of the ransomware indicates it superficially encrypts files and does not properly initialize the encryption key, making the encrypted file with the .encryptedJB extension recoverable.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.
