Log4j2 In The Wild | Iranian-Aligned Threat Actor “TunnelVision” Actively Exploiting VMware Horizon
Threat actor exploits Log4j2 vulnerabilities to drop PowerShell backdoors, harvest credentials, and communicate via legitimate services.
A previously unreported threat actor has been targeting civil society for over a decade. Read about how it operates and its relationships to other threats.
Agrius has continued to evolve its toolkit from wiper to ransomware operations, including a recent attack on a higher education facility.
In the midst of an epic troll on a country-wide railway system, we discovered a new threat actor and their reusable wiper called Meteor.
Early finger-pointing at Western governments for a hack against the Russian government was misplaced. Our taxes didn’t pay for this one.
New threat actor Agrius engages in espionage and destructive attacks, masquerades as ransomware with custom backdoor, wiper and malware.
A newly-discovered NTLM relay attack makes every Windows system vulnerable to an escalation of privileges attack, and there’s no patch in sight.
A new APT28 campaign targets Kazakhstan with Delphocy malware. We show how to reverse engineer the dropper and bypass the VBA macro’s password protection.
Vietnamese-linked APT group OceanLotus have innovated and imitated in their latest macOS trojan, while also leaving a mysterious hard-coded calling card.
Maze operators tailor attacks to the victim’s environment to evade detection. We show how they operate, and reveal a decoded HDA payload among other IOCs.