Cybersecurity researchers at Proofpoint have uncovered a new tactic employed by cybercriminal threat actor TA577, shedding light on a lesser-seen objective in their operations. The group was found utilizing an attack chain aimed at stealing NT LAN Manager (NTLM) authentication information. This method could potentially be exploited for sensitive data gathering and facilitating further malicious […]
Takedown of malware infrastructure by law enforcement has proven to have an impact, albeit limited, on cybercriminal activity, according to threat intelligence provider Recorded Future. In its 2023 Adversary Infrastructure Report, published on January 9, 2024, Recorded Future analyzed the effect of three malware takedown operations that took place in 2023 or before: The Emotet […]
The CISA and the FBI issued a joint advisory to warn organizations about a cybercriminal group named Scattered Spider, which has recently updated its TTPs to infiltrate targets. It comes a few days after the CISA issued advisories on IOCs and TTPs associated with Rhysida ransomware and Royal ransomware that have been targeting organizations worldwide. […]
The deployment of file-encrypting ransomware by organized cybercriminal gangs is one of the largest cybersecurity risks facing organizations. A network breach that culminates with a ransomware infection often starts with an infection with a type of malware called a loader. This malware acts as a foothold into an organization’s network and is subsequently used to […]
The cybercriminal community is increasingly adopting a newly discovered malware loader named HijackLoader. First discovered in July, the loader is being used to distribute different malware families such as DanaBot, SystemBC, and RedLine Stealer. Key capabilities HijackLoader uses a modular architecture that facilitates threat actors to perform code injection and execution. While the exact initial […]