Labs Archive

The self-proclaimed 'oldest ransomware affiliate on the planet' has new tricks and new features and continues to beat enterprise defenses.

Security Research

Inside Malicious Windows Apps for Malware Deployment

Aleksandar Milenkoski / July 14, 2022

Learn how threat actors manipulate Windows to install malicious apps that are trusted by the system, and how to defend against them.

Adversary

Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs

Tom Hegel / July 7, 2022

Chinese-linked phishing campaign seeks to compromise Russian targets with custom malware designed for espionage.

Advanced Persistent Threat

Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years

Joey Chen / June 9, 2022

Targeting organizations in SE Asia and Australia, Aoqin Dragon uses pornographic-themed lures and custom backdoors to conduct espionage operations.

Security & Intelligence

Use of Obfuscated Beacons in ‘pymafka’ Supply Chain Attack Signals a New Trend in macOS Attack TTPs

Phil Stokes / May 25, 2022

A new typosquatting attack against the PyPI repository targets enterprise Macs with a distinctive obfuscation method.

Security Research

Putting Things in Context | Timelining Threat Campaigns

Tom Hegel / May 11, 2022

Visualizing data is integral to threat research. See how we used this timeline analysis tool to track activity in the Ukrainian cyber conflict.

Security Research

Vulnerabilities in Avast And AVG Put Millions At Risk

Kasif Dekel / May 5, 2022

Two high-severity flaws in popular end user security tools allow attackers to elevate privileges and compromise devices.

Adversary

Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad

Joey Chen / May 2, 2022

Chinese-aligned APT group Moshen Dragon caught sideloading malware through multiple AV products to infect telecoms sector.

Crimeware

LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility

James Haughom / April 27, 2022

Long-running LockBit ransomware attempts to evade Windows ETW, AMSI and EDR by leveraging legitimate VMware logging command line utility.

Who Needs Macros? | Threat Actors Pivot to Abusing Explorer and Other LOLBins via Windows Shortcuts

LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques

Inside Malicious Windows Apps for Malware Deployment

Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs

Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years

Use of Obfuscated Beacons in ‘pymafka’ Supply Chain Attack Signals a New Trend in macOS Attack TTPs

Putting Things in Context | Timelining Threat Campaigns

Vulnerabilities in Avast And AVG Put Millions At Risk

Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad

LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility

Who Needs Macros? | Threat Actors Pivot to Abusing Explorer and Other LOLBins via Windows Shortcuts

LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques

Inside Malicious Windows Apps for Malware Deployment

Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs

Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years

Use of Obfuscated Beacons in ‘pymafka’ Supply Chain Attack Signals a New Trend in macOS Attack TTPs

CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware

Putting Things in Context | Timelining Threat Campaigns

Vulnerabilities in Avast And AVG Put Millions At Risk

Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad

LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility