Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads
A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans […]
Fraudulent shopping sites tied to cybercrime marketplace taken offline
Europol has supported the dismantling of a sophisticated criminal network responsible for facilitating large-scale online fraud. In an operation led by the Hanover Police Department (Polizeidirektion Hannover) and the Verden Public Prosecutor’s Office (Staatsanwaltschaft Verden) in Germany, and supported by law enforcement authorities across Europe, over 50 servers were seized, significant digital evidence was secured, […]
When Guardians Become Predators: How Malware Corrupts the Protectors
Introduction We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it […]
New PhaaS ‘Rockstar 2FA’ Bypasses MFA to Hijack Microsoft 365 Accounts
A new phishing-as-a-service (PhaaS) platform named Rockstar 2FA has emerged, enabling adversary-in-the-middle (AiTM) attacks to bypass multifactor authentication (MFA) and steal Microsoft 365 credentials. Attack Methodology Like other AiTM platforms, Rockstar 2FA intercepts session cookies to bypass MFA protections. The attack involves: Directing victims to a fake Microsoft 365 login page. Tricking victims into entering […]
Red Team Infrastructure Done Right
🏹 Intro Let’s take a look at how to build out safe and resilient red team infrastructure from the ground up, step by step. You may be familiar with Tim MalcomVetter’s blog post on Safe Red Team Infrastructure, where he lays out the high level overview of how to make a safe red team operational […]
China-linked APT Salt Typhoon has breached telcos in dozens of countries
China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries, US govt warns. President Biden’s deputy national security adviser Anne Neuberger said that China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries. The Wall Street Journal reported that the senior White House official revealed that at least eight U.S. telecommunications firms were […]
Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors
Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years. Researchers from Microsoft Threat Intelligence collected evidence that the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has used the tools and infrastructure of at least 6 other threat actors during the past 7 years. The […]
DMM Bitcoin halts operations six months after a $300 million cyber heist
The Japanese cryptocurrency platform DMM Bitcoin is closing its operations just six months after a $300 million cyber heist. DMM Bitcoin is a cryptocurrency exchange based in Japan, operated by DMM Group, a large Japanese e-commerce and entertainment conglomerate. Launched in 2018, the platform allows users to trade various cryptocurrencies, including Bitcoin, Ethereum, and Ripple, through […]
Poland probes Pegasus spyware abuse under the PiS government
Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. Poland’s government has been investigating the alleged misuse of Pegasus spyware by the previous administration and arrested the former head of Poland’s internal security service Piotr Pogonowski. News of the arrest of Piotr Pogonowski was first reported by the Financial Times. […]
2023 Anna Jaques Hospital data breach impacted over 310,000 people
Anna Jaques Hospital revealed that the ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients. On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital. The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients. Anna Jaques Hospital is a not-for-profit community healthcare […]