TLP TLP TLP CLEAR Author Jordi M. Lobo, David Deflache, Sebastien Tricaud Summary Nokoyawa is a cyber intrusion that began with a malicious Excel document in October 2022. The document triggered macros, leading to the execution of an IcedID DLL payload. The attackers established persistence on the host, deployed Cobalt Strike beacons, escalated privileges, and…
TLP TLP TLP CLEAR Author David Deflache Summary In May 2023, Barracuda disclosed a zero-day vulnerability (CVE-2023-2868) exploited by UNC4841, a suspected Chinese espionage actor. UNC4841 targeted Barracuda Email Security Gateways (ESG) since October 2022, using malicious email attachments. They deployed code families (SALTWATER, SEASPY, SEASIDE) to infiltrate and maintain control, often disguising as legitimate…
End of content
End of content
