The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go. “While occasionally switching to a new remote administration tool or changing their C2 framework, MuddyWater’s methods remain constant,” Deep Instinct security researcher Simon […]
Apr 02, 2024NewsroomMalvertising / Threat Intelligence The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government verticals in Spain, Mexico, […]
The company attributed the infection to software adjustments made by developers to reduce boot times, which inadvertently affected network settings and omitted digital signatures.
A large-scale attack campaign attributed to the ResumeLotters threat group has come to the notice of Group-IB researchers. The campaign was active between November and December 2023 and was successfully launched against 65 websites to steal over two million unique emails. Tactics used According to researchers, the group leveraged SQL injection and Cross-Site Scripting (XSS) […]
The North Korea-linked threat group Lazarus has been attributed to a new global campaign that exploits the infamous Log4j flaw to deploy three previously undocumented DLang-based malware – NineRAT, DLRAT, and BottomLoader. The campaign, dubbed Operation Blacksmith, is believed to have been active since March, targeting organizations in the manufacturing, agriculture, and physical security sectors. […]
Dec 01, 2023NewsroomMalware / Cyber Espionage A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called SugarGh0st RAT. The activity, which commenced no later than August 2023, leverages two different infection sequences to deliver the […]
The sharp increase in attacks on operational technology (OT) systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals (often sponsored by the former). The lack of success on the defense side can be attributed to several factors: the complexity of […]
Oct 27, 2023NewsroomCyber Attack / Malware The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and […]
Researchers have uncovered fresh malware samples attributed to ransomware group Cuba, representing new versions of BurntCigar malware, which offers next-level stealth to the group. Researchers at Kaspersky uncovered the malware in an ongoing investigation, after first detecting an incident on a client’s system in December. The attack chain ultimately led to the loading of a […]