A financially motivated threat actor has been associated with an ongoing sophisticated web-skimming campaign active for over a year. Tracked as Silent Skimmer, the campaign deploys payment scraping mechanisms to extract sensitive financial data from users. Attack method As part of the campaign, the attackers are exploiting internet-facing applications for initial access and deploying various […]
Sep 19, 2023THNCyber Attack / Threat Intel Targets located in Azerbaijan have been singled out as part of a new campaign that’s designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor or […]
A Chinese-speaking threat actor that has been skimming credit card numbers off ecommerce sites and point-of-sale service providers in the Asia/Pacific region for more than a year has begun aiming at similar targets in North and Latin America as well. In a series of attacks since at least May 2023, the adversary has exploited vulnerabilities […]
Executive Summary Turla (aka Pensive Ursa, Uroburos, Snake) is a Russian-based threat group operating since at least 2004, which is linked to the Russian Federal Security Service (FSB). In this article, we will cover the top 10 most recently active types of malware in Pensive Ursa’s arsenal: Capibar, Kazuar, Snake, Kopiluwak, QUIETCANARY/Tunnus, Crutch, ComRAT, Carbon, […]
Sep 19, 2023THNMobile Security / Malware The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. “CapraRAT is a highly invasive tool that gives the attacker control over much of the data on […]
In early 2021, we published a research paper discussing the operation of a China-linked threat actor we tracked as Earth Lusca. Since our initial research, the group has remained active and has even extended its operations, targeting countries around the world during the first half of 2023. While monitoring the group, we managed to obtain […]
Sep 18, 2023The Hacker NewsIdentity Threat / Attack Surface When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) […]
Sep 18, 2023THNThreat Intelligence / Ransomware The financially motivated threat actor known as UNC3944 is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. “UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, […]
Summary Netskope Threat Labs is tracking a campaign that uses malicious Python scripts to steal Facebook users’ credentials and browser data. This campaign targets Facebook business accounts with bogus Facebook messages with a malicious file attached. The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing […]