malware
ROKRAT Reloaded
1 min read
This post was authored by Warren Mercer, Paul Rascagneres and with contributions from Jungsoo An. Earlier this year, Talos published 2 articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve malicious payloads on several compromised websites. One of the website was a compromised government website. We […]
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
1 min read
This post was authored by Warren Mercer, Paul Rascagneres and Vitor Ventura INTRODUCTION Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically the decoy document is a flyer concerning the Cyber Conflict U.S. conference organized by the NATO Cooperative Cyber Defence Centre of Excellence on 7-8 November 2017 […]
A Guide for Encrypted Traffic Analytics
1 min read
Learn about Encrypted Traffic Analytics, Cisco’s latest innovation that allows organizations to leverage the network to find threats in encrypted traffic.
Securing the Digital Institute – Deakin University: A Case Study in Cyber Security Excellence
1 min read
Ransomware and malware attacks have been capturing recent global headlines and like all industries, the education sector is vulnerable to this growing threat landscape. Although the full reputational and financial impact of these attacks are not known, it is a stark reminder of the significant cost that a malware outbreak can have on any organisation. Deakin University in Victoria, Australia supports the idea that tactical approaches to security are failing to provide the required […]
CCleaner Command and Control Causes Concern
1 min read
This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams. Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. Introduction Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner […]
Threat Round-up for Aug 11 – Aug 18
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 11 and August 18. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]
When combining exploits for added effect goes wrong
1 min read
Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened and parsed by Microsoft Word. In this recent campaign, attackers combined CVE-2017-0199 exploitation with an earlier exploit, CVE-2012-0158, possibly in […]
Threat Round-up for July 28 – August 4
1 min read
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 28 and August 04. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]
Are You The Lucky One? Sometimes Luck Can Bring You Malware
6 min read
For more than two decades, malicious actors have been evolving their Phishing techniques to effectively achieve their goals. From poorly crafted scams to extremely well crafted documents, Phishing attacks keep being a very effective...