Avatar

Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

October 6, 2020

THREAT RESEARCH

PoetRAT: Malware targeting public and private sector in Azerbaijan evolves

Cisco Talos discovered PoetRAT earlier this year. We have continued to monitor this actor and their behavior over the preceding months. We have observed multiple new campaigns indicating a change in the actor’s capabilities and showing their maturity toward better operational security. We assess with medium confidence this actor continues to use spear-phishing attacks to […]

October 2, 2020

THREAT RESEARCH

Threat Roundup for September 25 to October 2

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 25 and October 2. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

September 29, 2020

THREAT RESEARCH

LodaRAT Update: Alive and Well

Talos recently identified new versions of Loda RAT, a remote access trojan written in AutoIt. Not only have these versions abandoned their usual obfuscation techniques, several functions have been rewritten and new functionality has been added. In one version, a hex-encoded PowerShell keylogger script has been added, along with a new VB script, only to […]

September 28, 2020

THREAT RESEARCH

Microsoft Netlogon exploitation continues to rise

Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon, outlined in the August Microsoft Patch Tuesday report. The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol which — among other things — can be used […]

September 25, 2020

THREAT RESEARCH

Threat Roundup for September 18 to September 25

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 18 and September 25. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

September 18, 2020

THREAT RESEARCH

Threat Roundup for September 11 to September 18

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 11 and September 18. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

September 11, 2020

THREAT RESEARCH

Threat Roundup for September 4 to September 11

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 4 and September 11. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

September 4, 2020

THREAT RESEARCH

Threat Roundup for August 28 to September 4

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 28 and September 4. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

September 3, 2020

THREAT RESEARCH

Salfram: Robbing the place without removing your name tag

Over the past several months, Cisco Talos has seen attackers carrying out ongoing email-based malware distribution campaigns to distribute various malware payloads. These email campaigns feature several notable characteristics that appear designed to evade detection and maximize the effectiveness of these campaigns. The use of web-based contact forms, legitimate hosting platforms, and a specific crypter […]