September 24, 2019


How Tortoiseshell created a fake veteran hiring website to host malware

Cisco Talos discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. Symantec had previously identified the actor as Tortoiseshell.

July 9, 2019


Sea Turtle Keeps on Swimming

By Danny Adamitis with contributions from Paul Rascagneres. Executive summary After several months of activity, the actors behind the "Sea Turtle" DNS hijacking campaign are not slowing down. Cisco Talos recently discovered...

April 23, 2019


DNSpionage brings out the Karkoff

In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers'...

April 17, 2019


DNS Hijacking Abuses Trust In Core Internet Service

This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and...

November 27, 2018


DNSpionage Campaign Targets Middle East

DNSpionage Campaign Targets Middle East This blog post was authored by Warren Mercer and Paul Rascagneres. Executive Summary Cisco Talos recently discovered a new campaign targeting Lebanon and the United...

May 31, 2018


NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea

Talos discovered a malicious Hangul Word Processor (HWP) document targeting Korean users. If a malicious document is opened, a remote access trojan, "NavRAT," downloads with command execution and keylogging capabilities.

April 26, 2018


GravityRAT – The Two-Year Evolution Of An APT Targeting India

GravityRAT malware has implemented new features, such as file exfiltration, remote command execution capability and anti-vm techniques. Consistent evolution and innovation beyond standard remote code execution is concerning.

January 15, 2018


Korea In The Crosshairs

This article exposes the malicious activities of Group 123 during 2017. We assess with high confidence that Group 123 was responsible for six campaigns targeting both Korean and Non-Korean institutions.

December 19, 2017


Virus Bulletin Publication And Presentation

Virus Bulletin conference is a well regarded intimate technical conference focused on malware research. It provides a good balance between listening to technical talks and spending time exchanging experiences with colleagues from different companies; all working on the same task of making our computing environments more secure. This past October, Talos participated at the Virus […]