Symantec

Alpha Ransomware Emerges From NetWalker Ashes

The Alpha ransomware operation appears to be linked to the previously inactive NetWalker ransomware, suggesting a potential revival or acquisition of the original payload.

Iranian APT Group Targets Telecom Organizations in North and East Africa

Seedworm (aka Muddywater) continues to use a combination of living-off-the-land and publicly available tools, but has also developed its own custom tools, such as a custom build of Venom Proxy and a custom keylogger.

New Campaign by Iranian APT Group Targets Middle Eastern Government

The attackers made use of legitimate tools like Plink to configure port-forwarding rules, enabling remote access via the Remote Desktop Protocol (RDP), and modified Windows firewall rules to facilitate their activities.
October 10, 2023

Previously Unseen Grayling APT Targets Multiple Organizations in Taiwan

Grayling employs a combination of custom malware and publicly available tools like Havoc, Cobalt Strike, and NetSpy to carry out its attacks, using DLL sideloading techniques and exploiting vulnerabilities like CVE-2019-0803.

Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Organization

The Budworm APT group continues to actively develop its toolset, as evidenced by its recent use of an updated version of its SysUpdate backdoor to target organizations in the Middle East and Asia.

New 3AM Ransomware Family Used As Fallback in Failed LockBit Attack

The attackers behind 3AM, which is written in the Rust programming language, engage in reconnaissance, privilege escalation, and exfiltration of sensitive data before deploying the ransomware.

Redfly Group Compromised National Power Grid in Six-Months-Long Campaign

The Redfly threat actor group used the ShadowPad Trojan to compromise a national grid in an Asian country, stealing credentials and maintaining a presence for up to six months.
August 22, 2023

Carderbee APT Uses Legitimate Software in Supply Chain Attack Targeting Hong Kong Firms

The group appears to be skilled and patient, selectively pushing payloads to specific victims. The use of signed malware and supply chain attacks makes it difficult for security software to detect.

FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware

The Syssphinx cybercrime group, known for financially motivated attacks, has diversified its tactics by deploying ransomware in addition to its traditional point-of-sale attacks.

New Buhti Ransomware Operation Relies on Repurposed Payloads

While the group doesn’t develop its own ransomware, it does utilize what appears to be one custom-developed tool, an information stealer designed to search for and archive specified file types.
