Executive Summary
AresLoader is a loader malware-as-a-service (MaaS) active in the wild since at least November 2022. AresLoader is designed to masquerade as legitimate software, while covertly downloading malicious payloads.
Executive Summary
BunnyLoader is a recently discovered malware-as-a-service (MaaS) threat being sold on multiple forums. It was released in September 2023 and appears to be under active development, with feature updates and bug fixes available.
Verticals Targeted: Government
Executive Summary
Deadglyph is a backdoor used by the Stealth Falcon threat actor group for espionage operations targeting entities in the Middle East.
Verticals Targeted: Financial
Executive Summary
BBTok, written in Delphi, is a banking trojan that has been active since at least 2020. A new variant was recently observed targeting financial entities in Latin America.
Related Families: HTTPSnoop, PipeSnoop
Verticals Targeted: Telecommunications
Executive Summary
ShroudedSnooper used the novel implants HTTPSnoop and PipeSnoop to target telecommunications entities in the Middle East.
Related Families: Mandibule, Cobalt Strike, Trochilus, RedLeaves
Verticals Targeted: Government
Executive Summary
China nexus threat actor group Earth Lusca was observed using a Linux-based backdoor dubbed SprySOCKS to target government entities.
Verticals Targeted: Gambling, Hospitality, Recreation
Executive Summary
MGM Resorts International was the victim of a recent cyber attack that impacted several systems, including its website, reservations, and in-casino services such as ATMs, slot machines, and credit card machines. ALPHV has taken credit for the attack.