Verticals Targeted: Critical Infrastructure, Communications, Manufacturing, Utility, Transportation, Construction, Maritime, Government, Information Technology, Education
Related Families: AhMyth
Executive Summary
AhRAT, an Android RAT, was disguised as the iRecorder app. This malicious version of the iRecorder app is capable of recording audio and exfiltrating files from a victim’s device.
Related Families: BlackByte
Executive Summary
BlackByte NT, the most recently discovered variant of BlackByte ransomware, was recently reported by DuskRise. BlackByte NT is written in C++ and contains a variety of anti-analysis techniques in an attempt to thwart malware analysts.
Related Families: Cobalt Strike
Executive Summary
Geacon is a Cobalt Strike adaptation developed to target MacOS. Geacon versions are available to target both Apple silicon and Intel architectures.
Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation
Executive Summary
RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.
Related Families: Croxloader, SPHijacker, Behinder
Verticals Targeted: Government, Healthcare, Technology, Manufacturing
Executive Summary
Earth Longzhi, a Winnti subgroup, was recently observed using new TTPs, including a novel technique dubbed stack rumbling.
Related Families: CloudMensis, RambleOn
Executive Summary
Reaper was recently observed using new TTPs to drop RokRAT. The infection chain leveraged LNK files delivered via the energy sector and politic
Verticals Targeted: Financial
Executive Summary