Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results
SEO poisoning is gaining momentum as threat actors leverage malicious ads to deliver malware through web browser searches.
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
Stay ahead of the game with our review on macOS malware threats. Learn about the top techniques used by threat actors to deliver malware and how to build more resilient defenses.
Pro-Russia hackers use Telegram, GitHub to attack Czech presidential election
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO
In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.
Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne
New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.
Top 10 macOS Malware Discoveries in 2022
Learn about all the new malware targeting macOS users in 2022 and how to stay safe from the latest Mac-focused campaigns.
The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques
Discover the anti-analysis techniques of the Mafalda implant, a unique, feature-rich backdoor used by the Metador threat actor.
Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor
Black Basta operational TTPs are described here in full detail, revealing previously unknown tools and techniques and a link to FIN7.
Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto
First Coinbase, now Crypto.com. Lazarus campaign targets more crypto exchange platform job seekers with multi-stage malware.
Void Balaur | The Sprawling Infrastructure of a Careless Mercenary
The Void Balaur cyber mercenary group has thrived throughout 2022, attacking targets on a global scale with new phishing campaigns.
Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection
Partially encrypting victims' files improves ransomware speed and aids evasion. First seen in LockFile, the technique is now being widely adopted.
PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks
A new threat actor is spreading infostealer malware through targeted attacks on developers and fraudulent cryptotrading applications.
XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python
New domains and new behavioral indicators, but malware authors stick to tried and tested architecture despite Apple’s updates.
8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts
Low-level crimeware gang has been exploiting misconfigured and publicly accessible Docker and other cloud instances with roaring success.
CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware
Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.
From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win
Researchers looking into a new APT group targeting gambling sites with a variety of cross-platform malware recently identified a version of oRAT malware targeting macOS users and written in Go. While neither RATs nor Go malware are uncommon on any platform, including the Mac, the development of such a tool by a previously unknown APT is an interesting turn, signifying the increasing need for threat actors to address the rising occurrence of Macs among their intended targets and victims. In this post, we dig deeper into the technical details of this novel RAT to understand better how it works and how security teams can detect it in their environments.
AcidRain | A Modem Wiper Rains Down on Europe
As the most impactful cyber attack of the Ukrainian invasion gets downplayed, SentinelLabs uncovers a more plausible explanation.
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.
ModifiedElephant APT and a Decade of Fabricating Evidence
A previously unreported threat actor has been targeting civil society for over a decade. Read about how it operates and its relationships to other threats.
Winter Vivern | Uncovering a Wave of Global Espionage
SentinelLabs uncover a previously unknown set of espionage campaigns conducted by Winter Vivern advanced persistent threat (APT) group.
Session Cookies, Keychains, SSH Keys and More | 7 Kinds of Data Malware Steals from macOS Users
Stealing data from Mac devices can unlock the door for both financially-motivated cybercrime and espionage. Learn how recent macOS malware does it.
BlackMamba ChatGPT Polymorphic Malware | A Case of Scareware or a Wake-up Call for Cyber Security?
The rise of publicly-accessible Al models like ChatGPT has produced some interesting attempts to create malware. How seriously should defenders take them?
Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding
A cryptominer that uses the Invisible Internet protocol, Honkbox variants could still be evading some detection solutions.
.NET Virtualization Thrives in Malvertising Attacks
.NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign.
Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results
SEO poisoning is gaining momentum as threat actors leverage malicious ads to deliver malware through web browser searches.
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
Stay ahead of the game with our review on macOS malware threats. Learn about the top techniques used by threat actors to deliver malware and how to build more resilient defenses.
Pro-Russia hackers use Telegram, GitHub to attack Czech presidential election
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO
In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.
Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne
New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.
Top 10 macOS Malware Discoveries in 2022
Learn about all the new malware targeting macOS users in 2022 and how to stay safe from the latest Mac-focused campaigns.