ObliqueRAT returns with new campaign using hijacked websites

By Asheer Malhotra. Cisco Talos has observed another malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread the remote access trojan (RAT) ObliqueRAT. This campaign targets organizations in South Asia. ObliqueRAT has been linked to the Transparent Tribe APT group in the past. This campaign hides the ObliqueRAT payload in seemingly benign image files hosted […]


Lazarus targets defense industry with ThreatNeedle

Lazarus targets defense industry with ThreatNeedle (PDF) We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. After taking […]


Gamaredon – When nation states don’t pay all the bills

By Warren Mercer and Vitor Ventura. Gamaredon is a threat actor, active since at least 2013, that has long been associated with pro-Russian activities in several reports throughout the years. Although it is extremely aggressive and is usually not associated with high-visibility campaigns, Cisco Talos sees that it is incredibly active, and we believe the group is […]


Proofpoint Cyberthreat Report – Q4 2020

Cyberthreat trends, and the tactics and lures most used by attackers: Proofpoint has released its new threat report for the fourth quarter of 2020. It highlights the human factor as the primary threat vector and examines how attackers operate and how to defend against them.


Researchers Spotted Two Android Spyware Linked to Confucius

Researchers at cybersecurity firm Lookout have published information on two recently discovered Android spyware families utilized by an advanced persistent threat (APT) group named Confucius. Lookout said that two malware strains, named Hornbill and SunBird, have been linked to Confucius, a group thought to be state-sponsored and to have pro-India ties. First detected in […]


NIST provides guidance to protect controlled unclassified information

Nations around the world are adding cyberwarfare to their arsenal, employing highly skilled teams to launch attacks against other countries. These adversaries are also called the “advanced persistent threat,” or APT, because they possess the tools and resources to pursue their objectives repeatedly over an extended period, adapting to defenders’ efforts to resist them. Protect […]


Nation-state campaign targets Talos researchers

Google’s Threat Analysis Group published a blog Monday evening warning of an ongoing campaign attempting to compromise security researchers. Google TAG’s blog outlines the attacker’s motivations and various TTPs used in these attacks. We can confirm that multiple Cisco Talos researchers received messages that appear to be linked to this campaign. As you can see […]


Sunburst backdoor – code overlaps with Kazuar

Introduction On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an actor named “Dark Halo”. FireEye did not link this activity to any known actor; […]
