Threat analysis

SolarWinds attackers launch new campaign - The Microsoft Threat Intelligence Center has issued a warning about new activities from Nobelium, the group behind SolarWinds, Sunburst, and related attacks.

Threat analysis

SolarWinds attackers launch new campaign

May 28, 2021 - The Microsoft Threat Intelligence Center has issued a warning about new activities from Nobelium, the group behind SolarWinds, Sunburst, and related attacks.

Read more
New steganography attack targets Azerbaijan - A lure document targeting Azerbaijan uses steganography to conceal a remote administration Trojan.

Threat analysis | Threat Intelligence

New steganography attack targets Azerbaijan

March 5, 2021 - A lure document targeting Azerbaijan uses steganography to conceal a remote administration Trojan.

Read more
Cleaning up after Emotet: the law enforcement file - Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines.

Malware | Threat analysis | Threat Intelligence

Cleaning up after Emotet: the law enforcement file

January 29, 2021 - Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines.

Read more
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat - A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro.

Social engineering | Threat analysis | Threat Intelligence

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

January 6, 2021 - A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro.

Read more
SolarWinds advanced cyberattack: What happened and what to do now - Possibly the largest hacking operation of 2020 was just unveiled. In this blog we share what we know and what you should do right now.

Threat analysis | Threat Intelligence

SolarWinds advanced cyberattack: What happened and what to do now

December 14, 2020 - Possibly the largest hacking operation of 2020 was just unveiled. In this blog we share what we know and what you should do right now.

Read more
German users targeted with Gootkit banker or REvil ransomware - After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.

Malware | Threat analysis | Threat Intelligence

German users targeted with Gootkit banker or REvil ransomware

November 30, 2020 - After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.

Read more
Malsmoke operators abandon exploit kits in favor of social engineering scheme - Threat actors behind malsmoke, one of the largest malvertising campaigns we've seen in recent months, have switched malware delivery tactics.

Exploits | Threat analysis | Threat Intelligence

Malsmoke operators abandon exploit kits in favor of social engineering scheme

November 16, 2020 - Threat actors behind malsmoke, one of the largest malvertising campaigns we've seen in recent months, have switched malware delivery tactics.

Read more
Release the Kraken: Fileless injection into Windows Error Reporting service - We discovered a new attack that injected its payload—dubbed

Malware | Malwarebytes news | Threat analysis | Threat Intelligence

Release the Kraken: Fileless injection into Windows Error Reporting service

October 6, 2020 - We discovered a new attack that injected its payload—dubbed "Kraken—into the Windows Error Reporting (WER) service as a defense evasion mechanism.

Read more
Inter skimming kit used in homoglyph attacks - Threat actors load credit card skimmers using a known phishing technique called homoglyph attacks.

Threat analysis

Inter skimming kit used in homoglyph attacks

August 6, 2020 - Threat actors load credit card skimmers using a known phishing technique called homoglyph attacks.

Read more

Select your language