A first analysis of the i-Soon data leak
Data from a Chinese cybersecurity vendor that works for the Chinese government exposed a range of hacking tools and services.
FBI and CISA have produced guidance about Chinese APT group Volt Typhoon and other groups that use Living off the Land (LOTL) techniques.
Categories: News, Ransomware | Tags: CISA, ransomware, Democratic People’s Republic of Korea, DPRK, North Korea, WannaCry, EternalBlue, Lazarus Group, APT, Magniber, Magnitude exploit kit, exploit kit, EK, Andariel, Silent Chollima, Stonefly, Maui, H0lyGh0st, PLUTONIUM, Conti
The tactics of North Korean-sponsored ransomware cyberattacks against the healthcare sector and other vital infrastructure are highlighted in the latest #StopRansomware alert.
The post CISA issues alert with South Korean government about DPRK’s ransomware antics appeared first on Malwarebytes Labs.
Categories: Threat Intelligence | Tags: Winnti, APT, China, Sri Lanka, India, Keyplug, malware, dropbox, C2, DBoxAgent
In this research paper, we document a new campaign we attribute to the Winnti APT group. The victims are located in Sri Lanka at a point in time when the country is going through economic hardship while China makes headlines for docking one of its special vessels there.
The post Winnti APT group docks in Sri Lanka for new campaign appeared first on Malwarebytes Labs.
Categories: Exploits and vulnerabilities, News | Tags: Chinese APT, advanced persistent threat, APT, CISA, NSA, FBI, security advisory
CISA, the NSA and the FBI have compiled a list of the vulnerabilities targeted by state-sponsored threat actors from China.
The post Chinese APT’s favorite vulnerabilities revealed appeared first on Malwarebytes Labs.
Credit to Author: Threat Intelligence Team | Date: Wed, 03 Aug 2022 21:25:52 +0000
The Malwarebytes Threat Intelligence team has discovered a new Remote Access Trojan, which we have dubbed Woody RAT, used to target Russian entities.
The post Woody RAT: A new feature-rich malware spotted in the wild appeared first on Malwarebytes Labs.
Credit to Author: Jovi Umawing | Date: Sun, 10 Jul 2022 21:43:29 +0000
CISA warns of an unusual ransomware.
The post North Korean APT targets US healthcare sector with Maui ransomware appeared first on Malwarebytes Labs.
Credit to Author: Christopher Boyd | Date: Thu, 30 Jun 2022 14:13:47 +0000
Immigration organisations are being targeted by the APT group Evilnum, using spear phishing to send malicious Word documents.
The post Immigration organisations targeted by APT group Evilnum appeared first on Malwarebytes Labs.
Credit to Author: Andrew Brandt | Date: Wed, 15 Jun 2022 21:16:52 +0000
Two groups with common task targeted network security devices in two-stage attacks, dropping remote access tools.
Credit to Author: Christopher Boyd | Date: Tue, 14 Jun 2022 12:43:08 +0000
Microsoft has warned of APT groups and ransomware authors exploiting the now-patched Confluence vulnerability. We take a look at the dangers.
The post “Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft appeared first on Malwarebytes Labs.