Threat Intelligence Page 1

The 8220 malicious threat group has reemerged and targets the Oracle Weblogic server vulnerabilities using the ScrubCrypt crypter. Based on reports, the group uses the newly discovered crypter since it could provide them with the ability to bypass security systems and avoid debugging tools. The 8220 gang has been very active since the start of...Continue Reading

Because of a new tactic, the LockBit group has been experiencing massive success in their data exfiltration attacks against big-time organisations. Researchers explained that the group’s momentum allowed them to add more victims to their data leak site. Experts claimed that one of the significant reasons for this threat group’s successful campaigns is a new...Continue Reading

One of China’s most notorious threat groups, Mustang Panda, has deployed the new MQsTTang backdoor in their recent attacks this year. Based on reports, the new backdoor from the Chinese-speaking threat group is based on something other than the group’s previous malware strains, such as PlugX. This detail indicates that these threat actors have constantly...Continue Reading

PlugX trojan operators have been impersonating the open-source Windows Debugger kit dubbed x64dbg to bypass security detections and take over a targeted system. Korplug is another term for PlugX, a post-exploitation implant notorious for its multiple capabilities like data exfiltration and compromising devices for malicious acts. This remote access trojan emerged more than a decade...Continue Reading

A newly emerged threat group, Hydrochasma, is the latest addition to the long-line cybercriminal groups targeting Asia. This emerging threat aims at medical laboratories and shipping companies in Asia. Researchers have yet to link this new group to known threat actors since it has no activities that could tie it with other cybercriminals. However, some...Continue Reading

The new ransomware strain, dubbed Hardbit 2.0, has appeared in the cybercriminal landscape and was observed by researchers from the end of 2022 and this year. This ransomware variant is a new version of Hardbit, which spread through different targets last year. Hardbit 2.0 is still developing but has already displayed unique capabilities. The researchers...Continue Reading

Recent research revealed that the ESXiArgs Ransomware has successfully compromised over 500 targets in several European countries, such as the United Kingdom, Germany, the Netherlands, France, and Ukraine. This new report came from a researcher who spotted two hosts deploying similar ransoms in October last year. These attacks have targeted the ESXi versions 6.5 and...Continue Reading

Recent research revealed that several threat actors are using an alternative post-exploitation tool called the Havoc framework for Cobalt Strike and Brute Ratel. This new framework is a new open-source command and command-and-control infrastructure. Havoc is cross-platform that could bypass Microsoft Defended on Windows 11 through sleep obfuscation, indirect syscalls, and return address stack spoofing....Continue Reading

One of China’s most notorious cybercriminal groups, the 8220 gang, has been improving its attack capabilities to execute sophisticated cryptocurrency mining attacks. This Chinese-speaking threat group is famous for utilising tactics, techniques, and procedures (TTPs) borrowed from other cybercriminal groups such as TeamTNT, WatchDog, and Rocke. One of the well-known tactics this group adopted is...Continue Reading

A state-owned telecommunications company, Tonga Communications Corporation (TCC), admitted that it experienced a ransomware attack that could affect its customers. TCC is one of the two telecommunication companies in Tonga. The affected entity posted a notice on Facebook stating that the attack might cause delays in their administrative operations. Moreover, the company confirmed that the...Continue Reading