#2024 #En #sekoia

A glimpse into the Quad7 operators' next moves and associated botnets

Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.

#sekoia #EN #2024 #Quad7 #botnet #toolset #backdoors #analysis

·blog.sekoia.io·Sep 11, 2024

A glimpse into the Quad7 operators' next moves and associated botnets

Solving the 7777 Botnet enigma: A cybersecurity quest

Sekoia.io investigated the mysterious 7777 botnet (aka. Quad7 botnet), published by the independent researcher Gi7w0rm inside the “The curious case of the 7777 botnet” blogpost. This investigation allowed us to intercept network communications and malware deployed on a TP-Link router compromised by the Quad7 botnet in France. To our understanding, the Quad7 botnet operators leverage compromised TP-Link routers to relay password spraying attacks against Microsoft 365 accounts without any specific targeting. Therefore, we link the Quad7 botnet activity to possible long term business email compromise (BEC) cybercriminal activity rather than an APT threat actor. However, certain mysteries remain regarding the exploits used to compromise the routers, the geographical distribution of the botnet and the attribution of this activity cluster to a specific threat actor. * The insecure architecture of this botnet led us to think that it can be hijacked by other threat actors to install their own implants on the compromised TP-Link routers by using the Quad7 botnet accesses.

#sekoia #EN #2024 #7777 #botnet #research #Quad7 #TP-Link #routers

·blog.sekoia.io·Jul 23, 2024

Solving the 7777 Botnet enigma: A cybersecurity quest

PikaBot: a Guide to its Deep Secrets and Operations - Sekoia.io Blog

Uncover an in-depth analysis of PikaBot, a malware loader used by Initial Access Brokers for network compromise and ransomware deployment.

#sekoia #EN #2024 #PikaBot #malware #analysis #TA577 #BlackBasta

·blog.sekoia.io·Jun 4, 2024

PikaBot: a Guide to its Deep Secrets and Operations - Sekoia.io Blog

Unplugging PlugX: Sinkholing the PlugX USB worm botnet

Learn about our process for collecting telemetry data from PlugX worm-infected workstations, as well as how to disinfect them.

#sekoia #EN #2024 #PlugX #Sinkhole #USB #worm #botnet

·blog.sekoia.io·Apr 26, 2024

Unplugging PlugX: Sinkholing the PlugX USB worm botnet

Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit

Tycoon 2FA has become one of the most widespread adversary-in-The-Middle (AiTM) phishing kits over the last few months.

#sekoia #EN #2024 #Tycoon2FA #phishing #PhaaS #AiTM #phishing-kit #analysis

·blog.sekoia.io·Mar 26, 2024

Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit

The Architects of Evasion: a Crypters Threat Landscape

Learn about key concepts and different crypters-related activities as well as the lucrative ecosystem of malicious groups that exploit them.

#sekoia #EN #2024 #Crypters #Evasion #analysis

·blog.sekoia.io·Mar 14, 2024

The Architects of Evasion: a Crypters Threat Landscape

NoName057(16) DDoSia project: 2024 updates and behavioural shifts

Learn about NoName057(16), a pro-Russian hacktivist group behind Project DDoSia targeting entities supporting Ukraine. Discover an overview of the changes made by the group, both from the perspective of the software shared by the group to generate DDoS attacks and the specifics of the evolution of the C2 servers. It also provides an overview of the country and sectors targeted by the group for 2024.

#sekoia #EN #2024 #NoName057(16)#DDoSia #Analysis

·blog.sekoia.io·Mar 1, 2024

NoName057(16) DDoSia project: 2024 updates and behavioural shifts