Crimeware - SentinelOne
Category

Crimeware

SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders

SocGholish operators continue to infect websites at a massive scale, and the threat actor is ramping up its infrastructure to match.

Read More

Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor

Black Basta operational TTPs are described here in full detail, revealing previously unknown tools and techniques and a link to FIN7.

Read More

Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection

Partially encrypting victims' files improves ransomware speed and aids evasion. First seen in LockFile, the technique is now being widely adopted.

Read More

PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks

A new threat actor is spreading infostealer malware through targeted attacks on developers and fraudulent cryptotrading applications.

Read More

Who Needs Macros? | Threat Actors Pivot to Abusing Explorer and Other LOLBins via Windows Shortcuts 

Crimeware vendors say 'macros are dead', but they have a new weapon to help threat actors successfully deploy malware.

Read More

LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques

The self-proclaimed 'oldest ransomware affiliate on the planet' has new tricks and new features and continues to beat enterprise defenses.

Read More

CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware

Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.

Read More

LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility

Long-running LockBit ransomware attempts to evade Windows ETW, AMSI and EDR by leveraging legitimate VMware logging command line utility.

Read More

Nokoyawa Ransomware | New Karma/Nemty Variant Wears Thin Disguise

Nemty developers have created a new, flawed update to the Karma ransomware variant in a bid to avoid detection and mislead attribution.

Read More

Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp

What really happened to Evil Corp after the OFAC sanctions? Did they cut and run, or are they still operating with impunity?

Read More