malware

November 27, 2017

THREAT RESEARCH

ROKRAT Reloaded

1 min read

This post was authored by Warren Mercer and Paul Rascagneres, with contributions from Jungsoo An. Earlier this year, Talos published two articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve malicious payloads from several compromised websites. One of the websites was a compromised government website. We […]

October 22, 2017

THREAT RESEARCH

“Cyber Conflict” Decoy Document Used In Real Cyber Conflict

1 min read

This post was authored by Warren Mercer, Paul Rascagneres and Vitor Ventura. Introduction: Cisco Talos discovered a new malicious campaign from the well-known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically, the decoy document is a flyer concerning the Cyber Conflict U.S. conference organized by the NATO Cooperative Cyber Defence Centre of Excellence on 7-8 November 2017 […]

October 4, 2017

EDUCATION

Securing the Digital Institute – Deakin University: A Case Study in Cyber Security Excellence

1 min read

Ransomware and malware attacks have been capturing recent global headlines and, like all industries, the education sector is vulnerable to this growing threat landscape. Although the full reputational and financial impact of these attacks is not known, they are a stark reminder of the significant cost that a malware outbreak can have on any organisation. Deakin University in Victoria, Australia supports the idea that tactical approaches to security are failing to provide the required […]

September 20, 2017

THREAT RESEARCH

CCleaner Command and Control Causes Concern

1 min read

This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams. Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. Introduction: Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner […]

August 18, 2017

THREAT RESEARCH

Threat Round-up for Aug 11 – Aug 18

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 11 and August 18. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]

August 14, 2017

THREAT RESEARCH

When combining exploits for added effect goes wrong

1 min read

Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened and parsed by Microsoft Word. In this recent campaign, attackers combined CVE-2017-0199 exploitation with an earlier exploit, CVE-2012-0158, possibly in […]

August 4, 2017

THREAT RESEARCH

Threat Round-up for July 28 – August 4

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 28 and August 04. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]

July 13, 2017

SECURITY

Are You The Lucky One? Sometimes Luck Can Bring You Malware

6 min read

For more than two decades, malicious actors have been evolving their phishing techniques to effectively achieve their goals. From poorly crafted scams to extremely well-crafted documents, phishing attacks keep being a very effective...