Found 62 bookmarks
Custom sorting
New TorNet backdoor seen in widespread campaign
New TorNet backdoor seen in widespread campaign
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. The actor has delivered different payloads, including Agent Tesla, Snake Keylogger, and a new undocumented backdoor we are calling TorNet, dropped by PureCrypter malware. The actor is running a Windows scheduled task on victim machines—including on endpoints with a low battery—to achieve persistence. The actor also disconnects the victim machine from the network before dropping the payload and then connects it back to the network, allowing them to evade detection by cloud antimalware solutions. We also found that the actor connects the victim’s machine to the TOR network using the TorNet backdoor for stealthy command and control (C2) communications and detection evasion.
#talosintelligence#EN#2025#TorNet#backdoor#campaign#Poland#Germany#analysis#malware
·blog.talosintelligence.com·
New TorNet backdoor seen in widespread campaign
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
#talosintelligence#EN#2024#vulnerability#report#OpenPLC#CVE-2024-34026
·talosintelligence.com·
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
  • On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. * During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
#talosintelligence#EN#2022#Cisco#attack#Google#sync#password#insights
·blog.talosintelligence.com·
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
  • Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants for the new malware family are written in the Rust language for Windows and Linux. A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors. We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints. We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.
#talosintelligence#EN#2022#manjusaka#CobaltStrike#framework#imitation#C2
·blog.talosintelligence.com·
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
#talosintelligence#Iranian#EN#2022#APT#research#MuddyWater#Turkey#SloughRAT#RAT
·blog.talosintelligence.com·
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns.
#talosintelligence#EN#2024#ArcaneDoor#perimeter-network#CVE-2024-20353#CVE-2024-20359
·blog.talosintelligence.com·
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
  • On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. * During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
#talosintelligence#EN#2022#Cisco#attack#Google#sync#password#insights
·blog.talosintelligence.com·
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
  • Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants for the new malware family are written in the Rust language for Windows and Linux. A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors. We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints. We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.
#talosintelligence#EN#2022#manjusaka#CobaltStrike#framework#imitation#C2
·blog.talosintelligence.com·
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
#talosintelligence#Iranian#EN#2022#APT#research#MuddyWater#Turkey#SloughRAT#RAT
·blog.talosintelligence.com·
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
  • On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. * During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
#talosintelligence#EN#2022#Cisco#attack#Google#sync#password#insights
·blog.talosintelligence.com·
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
  • Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants for the new malware family are written in the Rust language for Windows and Linux. A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors. We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints. We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.
#talosintelligence#EN#2022#manjusaka#CobaltStrike#framework#imitation#C2
·blog.talosintelligence.com·
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
#talosintelligence#Iranian#EN#2022#APT#research#MuddyWater#Turkey#SloughRAT#RAT
·blog.talosintelligence.com·
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Threat actors leverage document publishing sites for ongoing credential and session token theft
Threat actors leverage document publishing sites for ongoing credential and session token theft
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.
#talosintelligence#EN#phishing#legitimate#digital-document#Publuu#Marq#FlipSnack#Issuu#RelayTo
·blog.talosintelligence.com·
Threat actors leverage document publishing sites for ongoing credential and session token theft
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
  • On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. * During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
#talosintelligence#EN#2022#Cisco#attack#Google#sync#password#insights
·blog.talosintelligence.com·
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
  • Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants for the new malware family are written in the Rust language for Windows and Linux. A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors. We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints. We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.
#talosintelligence#EN#2022#manjusaka#CobaltStrike#framework#imitation#C2
·blog.talosintelligence.com·
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
#talosintelligence#Iranian#EN#2022#APT#research#MuddyWater#Turkey#SloughRAT#RAT
·blog.talosintelligence.com·
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
  • On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. * During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
#talosintelligence#EN#2022#Cisco#attack#Google#sync#password#insights
·blog.talosintelligence.com·
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
  • Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants for the new malware family are written in the Rust language for Windows and Linux. A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors. We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints. We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.
#talosintelligence#EN#2022#manjusaka#CobaltStrike#framework#imitation#C2
·blog.talosintelligence.com·
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
#talosintelligence#Iranian#EN#2022#APT#research#MuddyWater#Turkey#SloughRAT#RAT
·blog.talosintelligence.com·
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
  • On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. * During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
#talosintelligence#EN#2022#Cisco#attack#Google#sync#password#insights
·blog.talosintelligence.com·
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
  • Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants for the new malware family are written in the Rust language for Windows and Linux. A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors. We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints. We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.
#talosintelligence#EN#2022#manjusaka#CobaltStrike#framework#imitation#C2
·blog.talosintelligence.com·
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).
#talosintelligence#Iranian#EN#2022#APT#research#MuddyWater#Turkey#SloughRAT#RAT
·blog.talosintelligence.com·
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.
#talosintelligence#EN#2023#Cisco#IOS#XE#Web#Management#CVE-2023-20198
·blog.talosintelligence.com·
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability