New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education
Agrius has continued to evolve its toolkit from wiper to ransomware operations, including a recent attack on a higher education facility.
Read More
MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll
In the midst of an epic troll on a country-wide railway system, we discovered a new threat actor and their reusable wiper called Meteor.
Read More
ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op
Early fingerpointing at Western governments for a hack against the Russian government was misplaced. Our taxes didn’t pay for this one.
Read More
From Wiper to Ransomware | The Evolution of Agrius
New threat actor Agrius engages in espionage and destructive attacks, masquerades as ransomware with custom backdoor, wiper and malware.
Read More
Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
A newly-discovered NTLM relay attack makes every Windows system vulnerable to an escalation of privileges attack, and there’s no patch in sight.
Read More
A Deep Dive into Zebrocy’s Dropper Docs
A new APT28 campaign targets Kazakhstan with Delphocy malware. We show how to reverse engineer the dropper and bypass the VBA macro’s password protection.
Read More
APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique
Vietnamese-linked APT group OceanLotus have innovated and imitated in their latest macOS trojan, while also leaving a mysterious hard-coded calling card.
Read More
Case Study: Catching a Human-Operated Maze Ransomware Attack In Action
Maze operators tailor attacks to the victim’s environment to evade detection. We show how they operate, and reveal a decoded HDA payload among other IOCs.
Read More
Anchor Project | The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT
The Wind of Time Shakes the Underground | High-Tech Cybercrime & APT | Most Sophisticated & Resourceful Crimeware Group
Read More