Found 4 bookmarks
Custom sorting
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike
In a recent cyber campaign, the Chinese state-sponsored threat group TAG-112 compromised two Tibetan websites, Tibet Post and Gyudmed Tantric University, to deliver the Cobalt Strike malware. Recorded Future’s Insikt Group discovered that the attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a disguised security certificate. This malware, often used by threat actors for remote access and post-exploitation, highlights a continued cyber-espionage focus on Tibetan entities. TAG-112’s infrastructure, concealed using Cloudflare, links this campaign to other China-sponsored operations, particularly TAG-102 (Evasive Panda).
#recordedfuture#EN#2024#EvasivePanda#TAG-112#Tibet#China#CobaltStrike#malware
·recordedfuture.com·
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
Unit 42 continuously hunts for new and unique malware samples that match known advanced persistent threat (APT) patterns and tactics. On May 19, one such sample was uploaded to VirusTotal, where it received a benign verdict from all 56 vendors that evaluated it. Beyond the obvious detection concerns, we believe this sample is also significant in terms of its malicious payload, command and control (C2), and packaging.
#unit42#EN#2022#BruteRatelC4#CobaltStrike#redteam#APT#BRc4#C2#malware
·unit42.paloaltonetworks.com·
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
Unit 42 continuously hunts for new and unique malware samples that match known advanced persistent threat (APT) patterns and tactics. On May 19, one such sample was uploaded to VirusTotal, where it received a benign verdict from all 56 vendors that evaluated it. Beyond the obvious detection concerns, we believe this sample is also significant in terms of its malicious payload, command and control (C2), and packaging.
#unit42#EN#2022#BruteRatelC4#CobaltStrike#redteam#APT#BRc4#C2#malware
·unit42.paloaltonetworks.com·
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
Unit 42 continuously hunts for new and unique malware samples that match known advanced persistent threat (APT) patterns and tactics. On May 19, one such sample was uploaded to VirusTotal, where it received a benign verdict from all 56 vendors that evaluated it. Beyond the obvious detection concerns, we believe this sample is also significant in terms of its malicious payload, command and control (C2), and packaging.
#unit42#EN#2022#BruteRatelC4#CobaltStrike#redteam#APT#BRc4#C2#malware
·unit42.paloaltonetworks.com·
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors