Avast uncovered a distribution point under the control of Mustang Panda APT that serves as temporary storage to exfiltrate tons of data on a daily basis. The dump includes documents, recordings, and webmail dumps including scans of the passports of individuals. Target regions are Asia, the US ...
Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September 2021.
Trellix researchers analyzed thousands of leaked internal messages related to the Yanluowang group and revealed the group's inner workings, victims, and possible collaboration with other Russian ransomware groups.
According to Trend Micro researchers, Earth Preta is targeting the government, academic, foundation, and research sectors in Myanmar, Australia, the Philippines, Japan, Taiwan, and other Asia Pacific countries.
The threat actor is relying on malware downloaders such as BatLoader, posing as legitimate installers or updates for software such as AnyDesk, Adobe Flash Player, Microsoft Teams, TeamViewer, and Zoom.