Threat Research

February 12, 2018

THREAT RESEARCH

Olympic Destroyer Takes Aim At Winter Olympics

The Winter Olympics this year is being held in Pyeongchang, South Korea. The Guardian, a UK Newspaper reported an article that suggested the Olympic computer systems suffered technical issues during...

October 24, 2017

THREAT RESEARCH

Threat Spotlight: Follow the Bad Rabbit

Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. On October 24, 2017, Cisco Talos was alerted to a widescale ransomware campaign affecting organizations across eastern Europe and Russia. As was the case in previous situations, we quickly […]

September 20, 2017

THREAT RESEARCH

CCleaner Command and Control Causes Concern

This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams. Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. Introduction Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner […]

September 15, 2017

THREAT RESEARCH

Threat Round Up for Sept 8 – Sept 15

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 08 and September 15. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]

September 7, 2017

THREAT RESEARCH

Another Apache Struts Vulnerability Under Active Exploitation

This post authored by Nick Biasini with contributions from Alex Chiu. Earlier this week, a critical vulnerability in Apache Struts was publically disclosed in a security advisory. This new vulnerability, identified as CVE-2017-9805, manifests due to the way the REST plugin uses XStreamHandler with an instance of XStream for deserialization without any type filtering. As […]

August 3, 2017

THREAT RESEARCH

Taking the FIRST look at Crypt0l0cker

This post is authored by Matthew Molyett. Executive Summary In March, Talos reported on the details of Crypt0l0cker based on an extensive analysis I carried out on the sample binaries. Binaries — plural — because, as noted in the original blog, the Crypt0l0cker payload leveraged numerous executable files which shared the same codebase. Those executables had nearly identical […]

June 27, 2017

THREAT RESEARCH

New Ransomware Variant “Nyetya” Compromises Systems Worldwide

Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. For the most current info, please read our full blog on TalosIntelligence.com. Since the SamSam attacks that targeted US healthcare entities in March 2016, Talos has been concerned about […]

June 19, 2017

THREAT RESEARCH

Delphi Used To Score Against Palestine

Executive Summary This blog was authored by Paul Rascagneres and Warren Mercer with contributions from Emmanuel Tacheau, Vanja Svajcer and Martin Lee. Talos continuously monitors malicious emails campaigns. We identified one specific spear phishing campaign launched against targets within Palestine, and specifically against Palestinian law enforcement agencies. This campaign started in April 2017, using a […]

May 26, 2017

THREAT RESEARCH

Threat Round-up for May 19 – May 26

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 19 and May 26. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically […]