Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Threat actors abuse Adobe Creative Cloud, Edge, and other executables vulnerable to DLL hijacking in campaign targeting the Southeast Asian gambling sector.
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
North Korean threat actors attempt to further missile program by compromising sanctioned Russian defense company with OpenCarrot backdoor.
Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII
A Brazilian threat actor is targeting users of over 30 Portuguese financial institutions with custom backdoors.
Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit
North Korean APT group focuses on file reconnaissance and information exfiltration with latest variant of RandomQuery malware.
Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife
A sophisticated new toolset is being used to harvest credentials from multiple cloud service providers, including AWS SES and Microsoft Office 365.
WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services.
DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
A cluster of attacks SentinelLabs tracks as DragonSpark uses a novel technique, Golang source code interpretation, to avoid detection while also deploying a little-known tool called SparkRAT.
NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO
In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.
Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers
Threat actors are abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.