Threat Reports

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

ESET research discovers several previously undocumented post-compromise tools used by the highly active Gamaredon APT group in various malicious campaigns.

ToddyCat is a relatively new APT actor, its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

Executive Summary In this article, Check Point Research shares findings on a group / activity cluster with ties to Tropic Trooper: The infection chain includes a previously undescribed loader (dubbed “Nimbda”) written in Nim language. This loader was observed bundled with a Chinese language greyware “SMS Bomber” tool that is most likely illegally distributed in... Click to Read More

Our Threat Detection Report takes a close look at the most prevalent techniques & threats to help security teams focus on what matters most.

APT41’s persistent effort allowed them to successfully compromise at least six U.S. state government networks.

Threat actor exploits Log4j2 vulnerabilities to drop PowerShell backdoors, harvest credentials, and communicate via legitimate services.

Elastic Security verifies new destructive malware targeting Ukraine: Operation Bleeding Bear

This blog discusses the StellarParticle campaign and the novel tactics and techniques used in supply chain attacks observed by CrowdStrike incident responders.