TLP TLP TLP CLEAR Author David Deflache, Sebastien Tricaud Summary This week, we share data from another attack being exploited. In mid-Autumn 2021, Kaspersky experts uncovered a ShadowPad malware campaign targeting a national telecom company in Pakistan. The attack, presumed to have begun in winter 2021, exploited MS Exchange vulnerability (CVE-2021-26855) to install a Cobalt…
TLP TLP TLP CLEAR Author Jordi M. Lobo Summary In a recent cyber attack, the Snatch Team used RDP brute force to infiltrate a network and rapidly executed a series of sophisticated actions within a short time frame. They gained initial access by logging into a Domain Administrator (DA) account, performed various commands, and initiated…
TLP TLP TLP CLEAR Author Jordi M. Lobo Summary The Trigona ransomware, emerging in late 2022, has rapidly evolved with continuous updates. By April 2023, it started targeting MSSQL servers through brute force methods. This threat is linked to the CryLock ransomware group and possibly ALPHV (BlackCat), though their involvement remains uncertain. The US and…
TLP TLP TLP CLEAR Author Jordi M. Lobo Summary A new ransomware variant has emerged as part of the Adhubllka ransomware family, targeting individuals and small enterprises with smaller ransom demands to evade media attention. The ransomware spreads via phishing emails and employs a victim portal on Tor for decryption key delivery after ransom payment….
TLP TLP TLP CLEAR Author David Deflache Summary Microsoft has detected China-linked state-sponsored group HAFNIUM using zero-day exploits to target on-premises Microsoft Exchange Servers. The group gained access to servers, email accounts, and installed malware. Vulnerabilities CVE-2021-26855, -26857, -26858, and -27065 were patched in the latest release. Exchange Online is unaffected. HAFNIUM’s targets include US…
TLP TLP TLP CLEAR Author Jordi M. Lobo Summary Mallox is a ransomware strain that targets Microsoft Windows systems and has been active since June 2021. Recently, Unit 42 researchers observed a significant increase in Mallox ransomware activities, with a rise of almost 174% compared to the previous year. The group exploits unsecured MS-SQL servers…
TLP TLP TLP CLEAR Author David Deflache Summary This case involves a sophisticated intrusion that occurred over an 11-day period. The threat actors initiated the attack by sending an email with a link to download a password-protected zip file containing an ISO file. Upon extraction, the ISO file mounted as a CD and executed a…
End of content
End of content
