Threat Research
- Our Favorite Topics:
Threat Roundup for July 3 to July 10
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 3 and July 10. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
WastedLocker Goes “Big-Game Hunting” in 2020
2 min read
By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. The use of “dual-use” tools and “LoLBins” enables adversaries to evade detection and stay under the radar as they further […]
Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
1 min read
By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. These campaigns make use of existing email threads from compromised accounts to greatly increase success. The additional use of password-protected ZIP files can create a blind spot in […]
PROMETHIUM extends global reach with StrongPity3 APT
1 min read
The PROMETHIUM threat actor — active since 2012 — has been exposed multiple times over the past several years.. However, this has not deterred this actor from continuing and expanding their activities. By matching indicators such as code similarity, command and control (C2) paths, toolkit structure and malicious behavior, Cisco Talos identified around 30 new […]
Threat Roundup for June 19 to June 26
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 19 and June 26. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
Threat Roundup for June 5 to June 12
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 5 and June 12. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
1 min read
By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to deliver a multistage and highly modular infection. This campaign appears to target military and government organizations in South Asia. Network-based detection, although […]
Threat Roundup for May 29 to June 5
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 29 and June 5. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
Threat Roundup for May 22 to May 29
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 22 and May 29. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]