Nerbian RAT, a newly discovered remote access trojan, has been found by researchers to possess advanced capabilities, including evading security detection and resisting analysis by security researchers. Written in the Go programming language, the trojan is a cross-platform 64-bit threat spread through a small-scale phishing campaign using macro-laced documents. The malware was discovered in...
A hacking group dubbed UNC3524 has been observed using a meticulous approach to intruding into corporate networks and stealing data. According to researchers, the group remained hidden inside victim environments for more than 18 months while collecting information related to mergers, acquisitions, and financial transactions. UNC3524 was first detected in December 2019. They utilised a wide...
Recent research by cybersecurity analysts revealed that the TA410 threat group operates as an umbrella for three sub-groups. Although the sub-groups fall under the same umbrella, each uses different tactics, techniques, and procedures (TTPs) against its victims. The three sub-groups that make up TA410 are JollyFrog, FlowingFrog, and LookingFrog. These three groups work separately but...
A new ransomware group called Black Basta has infected about a dozen organisations, and some researchers suspect it may be linked to the notorious Conti gang. Black Basta first surfaced last month, although researchers note that they had already collected samples of the new threat in February. The threat...
The threat group tracked as GOLD ULRICK continues to operate and adapt the Conti name-and-shame ransomware scheme and has adjusted well to the massive leak of Conti ransomware's source code. Recent findings show that Conti remains active in the wild despite the enormous leaks of its internal data. The efforts of many...
Researchers have linked the North Korean state-sponsored Lazarus group to new malware that targeted more than 40 institutions. Attacks observed in the first months of this year revealed further details about the malware, which spoofs an executable of INISAFE CrossWeb EX version 3, a security program from INITECH. The threat actors inserted the malware...
New data reveals that threat actors reused the RedLine malware in attacks against networks in more than 150 countries in April this year. In January, researchers first identified a campaign exploiting CVE-2021-26411, a memory corruption vulnerability in Internet Explorer, to spread the malware. RedLine stealer is password-stealing malware available on...
A large-scale Monero cryptomining campaign using the Lemon Duck botnet has been targeting exposed Docker Application Programming Interface (API) endpoints on Linux servers. Researchers said the operators aim the botnet at misconfigured Docker hosts. Based on sample analysis, the threat actors behind the recent Lemon Duck campaign hide their crypto wallets behind proxy pools. Moreover,...
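The misconfiguration Lemon Duck looks for is a Docker daemon whose API listens on a TCP port without requiring client certificates. The following audit script is an added example, not code from the article or from any of the researchers it cites; it assumes the daemon is configured through a daemon.json file (the hosts, tls and tlsverify keys), and the two sample configurations embedded in it are constructed for illustration. Listeners set only via dockerd command-line flags are not covered by this check.

```python
import json

# Constructed sample daemon.json files (not taken from the article).
# WEAK exposes the API on every interface on the plaintext port with no TLS;
# HARDENED binds to one address and requires client certificates.
WEAK_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

HARDENED_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tls": true,
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""


def audit_docker_daemon(daemon_json: str) -> list:
    """Return a list of findings for TCP API listeners in a Docker daemon.json.

    A tcp:// host is flagged when the daemon does not require client
    certificates ("tlsverify" absent or false), and separately when it binds
    to every interface (0.0.0.0, [::] or an empty address), which is the
    exposure pattern botnet scanners look for. Unix sockets are skipped
    because they are protected by filesystem permissions.
    """
    cfg = json.loads(daemon_json)
    hosts = cfg.get("hosts", [])
    tlsverify = bool(cfg.get("tlsverify", False))
    findings = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue
        # Strip the scheme, then split off the port to get the bind address.
        bind = host[len("tcp://"):].rsplit(":", 1)[0]
        if not tlsverify:
            findings.append(f"{host}: TCP API listener without client certificate verification")
        if bind in ("", "0.0.0.0", "[::]"):
            findings.append(f"{host}: bound to all interfaces")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        result = audit_docker_daemon(cfg)
        print(f"{name}: {'OK' if not result else ''}")
        for finding in result:
            print("  " + finding)
```

Run it against a real /etc/docker/daemon.json to get the same two classes of finding; a host that appears in the output with either message is reachable by exactly the kind of scanning the campaign above relies on, and should be moved to a unix socket or to a TLS listener with "tlsverify": true.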
A year after its takedown, the Emotet malware operation has resurfaced in the threat landscape to continue its attacks. Security analysts ranked Emotet as the most prevalent malware in March of this year, when it impacted about 10% of organisations worldwide. Moreover, the analysts have observed a rapid acceleration of...
Recent reports reveal that the North Korean government is backing the Lazarus advanced persistent threat (APT) group in targeting cryptocurrency and blockchain companies and investors with trojanised crypto applications. Several US government agencies, including the FBI, CISA, and the US Treasury Department, have issued a joint advisory warning cryptocurrency and blockchain firms...