Our recent investigation at Certfa Lab, the APT42 has been running multiple phishing campaigns since late 2021 and some of them are ongoing and still active.
Our recent investigation at Certfa Lab, the APT42 has been running multiple phishing campaigns since late 2021 and some of them are ongoing and still active.
New Wave of Espionage Activity Targets Asian Governments
Governments and state-owned organizations are the latest targets of a well-established threat actor. A distinct group of espionage attackers who were formerly associated with the ShadowPad remote access Trojan (RAT) has adopted a new, diverse toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. The attacks, which have been underway since at least early 2021, appear to have intelligence gathering as their main goal.
New Wave of Espionage Activity Targets Asian Governments
Governments and state-owned organizations are the latest targets of a well-established threat actor. A distinct group of espionage attackers who were formerly associated with the ShadowPad remote access Trojan (RAT) has adopted a new, diverse toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. The attacks, which have been underway since at least early 2021, appear to have intelligence gathering as their main goal.
Delivers Payload Using Post Exploitation Framework During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across a Twitter post wherein a researcher mentioned an interesting infection chain of the Bumblebee loader malware being distributed via spam campaigns. Bumblebee is a replacement for the BazarLoader malware, which acts as a downloader and delivers known attack frameworks and open-source tools such as Cobalt Strike, Shellcode, Sliver, Meterpreter, etc. It also downloads other types of malware such as ransomware, trojans, etc.
Delivers Payload Using Post Exploitation Framework During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across a Twitter post wherein a researcher mentioned an interesting infection chain of the Bumblebee loader malware being distributed via spam campaigns. Bumblebee is a replacement for the BazarLoader malware, which acts as a downloader and delivers known attack frameworks and open-source tools such as Cobalt Strike, Shellcode, Sliver, Meterpreter, etc. It also downloads other types of malware such as ransomware, trojans, etc.
Lampion Trojan Utilizes New Delivery through Cloud-Based Sharing
Analysts at the Cofense Phishing Defense Center (PDC) have recently analyzed an email asking users to download a “Proof of Payment” as well as other documents. While it is important to never click on the link(s) or download the attachment(s) of any suspicious email, if the recipient interacts with the link, it downloaded the malware Lampion.
Lampion Trojan Utilizes New Delivery through Cloud-Based Sharing
Analysts at the Cofense Phishing Defense Center (PDC) have recently analyzed an email asking users to download a “Proof of Payment” as well as other documents. While it is important to never click on the link(s) or download the attachment(s) of any suspicious email, if the recipient interacts with the link, it downloaded the malware Lampion.
In this intrusion from May 2022, we observed a domain-wide compromise that started from a malware ridden Excel document containing the never-dying malware, Emotet. The post-exploitation started ver…
In this intrusion from May 2022, we observed a domain-wide compromise that started from a malware ridden Excel document containing the never-dying malware, Emotet. The post-exploitation started ver…
The Curious Case of “Monti” Ransomware: A Real-World Doppelganger
While working a recent ransomware incident, BlackBerry identified a group whose name and TTPs mimicked the long-standing, popular ransomware crew Conti. Furthermore, the encryptor payload used in the attack was taken from the original group and modified for use with this new group. Who was this doppelganger?
The Curious Case of “Monti” Ransomware: A Real-World Doppelganger
While working a recent ransomware incident, BlackBerry identified a group whose name and TTPs mimicked the long-standing, popular ransomware crew Conti. Furthermore, the encryptor payload used in the attack was taken from the original group and modified for use with this new group. Who was this doppelganger?
Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police
A data broker has been selling raw location data about individual people to federal, state, and local law enforcement agencies, EFF has learned. This personal data isn’t gathered from cell phone towers or tech giants like Google — it’s obtained by the broker via thousands of different apps on Android and iOS app stores as part of the larger location data marketplace.
Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police
A data broker has been selling raw location data about individual people to federal, state, and local law enforcement agencies, EFF has learned. This personal data isn’t gathered from cell phone towers or tech giants like Google — it’s obtained by the broker via thousands of different apps on Android and iOS app stores as part of the larger location data marketplace.
Campagne de phishing Instagram : la certification sur les réseaux sociaux, ou le nouveau piège des hackers
Une campagne de phishing d’Instagram cible spécifiquement les utilisateurs de la plateforme afin de subtiliser leurs informations personnelles et identifiants de compte.
Campagne de phishing Instagram : la certification sur les réseaux sociaux, ou le nouveau piège des hackers
Une campagne de phishing d’Instagram cible spécifiquement les utilisateurs de la plateforme afin de subtiliser leurs informations personnelles et identifiants de compte.
Documentos portugueses da NATO apanhados à venda na darkweb
[Google Translate](https://www-dn-pt.translate.goog/sociedade/documentos-portugueses-da-nato-apanhados-a-venda-na-darkweb--15146671.html?_x_tr_sl=pt&_x_tr_tl=en&_x_tr_hl=fr&_x_tr_pto=wapp) Portuguese NATO documents caught for sale on the darkweb The extent of the damage is still being investigated by the National Security Office, but suspicions of the breach of security that facilitated the exfiltration of secret NATO documents fall on EMGFA, secret military and MDN computers.
Documentos portugueses da NATO apanhados à venda na darkweb
Google Translate Portuguese NATO documents caught for sale on the darkweb The extent of the damage is still being investigated by the National Security Office, but suspicions of the breach of security that facilitated the exfiltration of secret NATO documents fall on EMGFA, secret military and MDN computers.