Threat Intelligence



Hackers used ScrubCrypt crypter to exploit the WebLogic flaw

The 8220 threat group has reemerged and is targeting Oracle WebLogic server vulnerabilities using the ScrubCrypt crypter. Based on reports, the group adopted the newly discovered crypter because it lets them bypass security products and evade debugging tools. The 8220 gang has been very active since the start of...

LockBit group has a new technique to bypass the MOTW security

Because of a new tactic, the LockBit group has been experiencing massive success in their data exfiltration attacks against big-time organisations. Researchers explained that the group’s momentum allowed them to add more victims to their data leak site. Experts claimed that one of the significant reasons for this threat group’s successful campaigns is a new...

Chinese hackers used the MQsTTang backdoor to bypass security

One of China’s most notorious threat groups, Mustang Panda, has deployed the new MQsTTang backdoor in its attacks this year. Based on reports, the Chinese-speaking group’s new backdoor is not built on its previous malware strains, such as PlugX. This detail indicates that these threat actors have constantly...

PlugX trojan poses as a Windows debugger in a new campaign

PlugX trojan operators have been impersonating the open-source Windows debugger x64dbg to bypass security detections and take over targeted systems. PlugX, also known as Korplug, is a post-exploitation implant notorious for its many capabilities, including data exfiltration and compromising devices for further malicious activity. This remote access trojan emerged more than a decade...

Asian medical and shipping orgs face threats from Hydrochasma

A newly emerged threat group, Hydrochasma, is the latest addition to the long line of cybercriminal groups targeting Asia. This emerging threat aims at medical laboratories and shipping companies in Asia. Researchers have yet to link the new group to known threat actors, since none of its activity ties it to other cybercriminals. However, some...

Hardbit 2.0 ransomware deploys new unique attack tactics

A new ransomware strain, dubbed Hardbit 2.0, has appeared in the cybercriminal landscape and was observed by researchers from the end of 2022 into this year. This variant is a new version of Hardbit, which spread across different targets last year. Hardbit 2.0 is still under development but has already displayed unique capabilities. The researchers...

ESXiArgs ransomware struck hundreds of targets in Europe

Recent research revealed that the ESXiArgs ransomware has successfully compromised over 500 targets in several European countries, including the United Kingdom, Germany, the Netherlands, France, and Ukraine. The report came from a researcher who spotted two hosts deploying similar ransoms in October last year. These attacks have targeted ESXi versions 6.5 and...

Threat actors leverage the Havoc framework for post-exploitation

Recent research revealed that several threat actors are using the Havoc framework as a post-exploitation alternative to Cobalt Strike and Brute Ratel. Havoc is a new open-source command-and-control framework. It is cross-platform and can bypass Microsoft Defender on Windows 11 through sleep obfuscation, indirect syscalls, and return address stack spoofing....

8220 gang upgraded its TTPs to target the cloud landscape

One of China’s most notorious cybercriminal groups, the 8220 gang, has been improving its attack capabilities to carry out sophisticated cryptocurrency mining attacks. This Chinese-speaking threat group is known for utilising tactics, techniques, and procedures (TTPs) borrowed from other cybercriminal groups such as TeamTNT, WatchDog, and Rocke. One of the well-known tactics the group adopted is...

Tonga Communications Corporation suffered a ransomware attack

The state-owned telecommunications company Tonga Communications Corporation (TCC) admitted that it experienced a ransomware attack that could affect its customers. TCC is one of the two telecommunications companies in Tonga. The company posted a notice on Facebook stating that the attack might cause delays in its administrative operations. Moreover, the company confirmed that the...