July 10, 2020

THREAT RESEARCH

Threat Roundup for July 3 to July 10

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 3 and July 10. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

July 6, 2020

THREAT RESEARCH

WastedLocker Goes “Big-Game Hunting” in 2020

2 min read

By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. The use of “dual-use” tools and “LoLBins” enables adversaries to evade detection and stay under the radar as they further […]

July 1, 2020

THREAT RESEARCH

Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks

1 min read

By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. These campaigns make use of existing email threads from compromised accounts to greatly increase success. The additional use of password-protected ZIP files can create a blind spot in […]

June 29, 2020

THREAT RESEARCH

PROMETHIUM extends global reach with StrongPity3 APT

1 min read

The PROMETHIUM threat actor — active since 2012 — has been exposed multiple times over the past several years.. However, this has not deterred this actor from continuing and expanding their activities. By matching indicators such as code similarity, command and control (C2) paths, toolkit structure and malicious behavior, Cisco Talos identified around 30 new […]

June 26, 2020

THREAT RESEARCH

Threat Roundup for June 19 to June 26

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 19 and June 26. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

June 23, 2020

THREAT RESEARCH

Threat Roundup for June 5 to June 12

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 5 and June 12. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

June 22, 2020

THREAT RESEARCH

IndigoDrop spreads via military-themed lures to deliver Cobalt Strike

1 min read

By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to deliver a multistage and highly modular infection. This campaign appears to target military and government organizations in South Asia. Network-based detection, although […]

June 5, 2020

THREAT RESEARCH

Threat Roundup for May 29 to June 5

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 29 and June 5. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

May 29, 2020

THREAT RESEARCH

Threat Roundup for May 22 to May 29

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 22 and May 29. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]