Kimsuky APT continues to target South Korean government using AppleSeed backdoor - Kimsuky, the North Korean threat actor active since 2012, is still targeting the South Korean government. We take a look at the phishing infrastructure and command and control mechanisms of this APT.
Aurora campaign: Attacking Azerbaijan using multiple RATs - We identified a new Python-based RAT targeting Azerbaijan from the same threat actor we profiled a month ago.
Cleaning up after Emotet: the law enforcement file - Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines.
German users targeted with Gootkit banker or REvil ransomware - After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead.
Release the Kraken: Fileless injection into Windows Error Reporting service - We discovered a new attack that injected its payload—dubbed
Malspam campaign caught using GuLoader after service relaunch - We discovered a spam campaign distributing GuLoader in the aftermath of the service's relaunch
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature - A newly discovered APT spear-phishing attack implements several evasion techniques to drop Cobalt Strike toolkit.
New LNK attack tied to Higaisa APT discovered - We describe a new spearphishing campaign tied to the potential North Korean Higaisa APT group.
Shining a light on “Silent Night” Zloader/Zbot - The latest Malwarebytes Threat Intel report focuses on Silent Night, a new banking Trojan recently tracked as Zloader/Zbot.
