Harly Android Trojan Subscriber
Oct 13, 2022 1:33:22 PM / by PolySwarm Tech Team posted in Threat Bulletin, Android, Harly, Subscriber, Trojan
Related Families: Jocker
Executive Summary
Kaspersky recently reported on Harly, a trojan subscriber targeting Android devices. Harly can subscribe a victim to a paid service without their knowledge or consent.
Key Takeaways
North Korean Threat Actors Living Off the Land
Oct 11, 2022 12:47:31 PM / by PolySwarm Tech Team posted in Threat Bulletin, Lazarus, North Korea, LoTL, APT 38, Living off the land, ZetaNile, EventHorizon
Related Families: ZetaNile (BlindingCan), EventHorizon
Verticals Targeted: Media, Defense, IT Services, Aerospace
Executive Summary
Microsoft recently reported on the North Korean threat actor group Lazarus using living-off-the-land (LOTL) techniques to target multiple verticals. Weaponized legitimate tools include the SSH clients PuTTY and KiTTY, as well as TightVNC Viewer, the Sumatra PDF reader, and the muPDF/Subliminal Recording installer.
NullMixer Drops Multiple Malware Families
Oct 6, 2022 2:55:06 PM / by PolySwarm Tech Team posted in Threat Bulletin, RedLine Stealer, NullMixer, Satacom, Dropper, SmokeLoader, PseudoManuscrypt, ColdStealer, FormatLoader, CsdiMonetize, Disbuk, Fabookie, DanaBot, Racealer, Generic.ClipBanker, SgnitLoader, ShortLoader, Downloader.INNO, LgoogLoader, Downloader.Bitser, C-Joker, PrivateLoader, GCleaner, Vidar
Related Families: SmokeLoader, RedLine Stealer, PseudoManuscrypt, ColdStealer, FormatLoader, CsdiMonetize, Disbuk, Fabookie, DanaBot, Racealer, Generic.ClipBanker, SgnitLoader, ShortLoader, Downloader.INNO, LgoogLoader, Downloader.Bitser, C-Joker, PrivateLoader, Satacom, GCleaner, Vidar
Verticals Targeted: Multiple
Executive Summary
Kaspersky recently reported on NullMixer, a dropper used to drop a myriad of malware families, including SmokeLoader, RedLine Stealer, PseudoManuscrypt, ColdStealer, FormatLoader, CsdiMonetize, Disbuk, Fabookie, DanaBot, Racealer, Generic.ClipBanker, SgnitLoader, ShortLoader, Downloader.INNO, LgoogLoader, Downloader.Bitser, C-Joker, PrivateLoader, Satacom, GCleaner, and Vidar.
SideWalk Linux Variant
Oct 3, 2022 3:59:17 PM / by PolySwarm Tech Team posted in Threat Bulletin, Linux, Backdoor, SparklingGoblin, SideWalk
Related Families: Specter RAT, SideWalk (Windows)
Verticals Targeted: Education
Executive Summary
ESET recently reported on a SideWalk Linux variant. SideWalk is a backdoor used by the SparklingGoblin threat actor group.
Deadbolt Ransomware
Sep 29, 2022 2:22:49 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, QNAP, Deadbolt
Executive Summary
Sophos recently reported on Deadbolt ransomware, a malware family targeting QNAP devices. QNAP released an advisory on the affected products.
BianLian Ransomware
Sep 26, 2022 4:05:33 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, BianLian
Verticals Targeted: Professional Services, Media and Entertainment, Manufacturing, Healthcare, Energy and Utilities, Education, Financial
Executive Summary
Cyble recently reported on BianLian, a new ransomware variant written in Go. It has been used to target multiple verticals.
New Armageddon Activity Targets Ukraine
Sep 22, 2022 12:45:11 PM / by PolySwarm Tech Team posted in Ukraine, Russia, Threat Bulletin, Infostealer, Armageddon, Gamaredon, Primitive Bear, Shuckworm
Executive Summary
Cisco Talos researchers recently reported on new activity by the Russia-nexus threat actor group Armageddon. The group is using a new infostealer to target entities in Ukraine.
Key Takeaways
Kimsuky GoldDragon C2 Cluster
Sep 19, 2022 2:06:44 PM / by PolySwarm Tech Team posted in Threat Bulletin, Espionage, North Korea, Kimsuky, GoldDragon
Verticals Targeted: Think Tanks, Media, Government
Executive Summary
In early 2022, the North Korean threat actor group Kimsuky targeted a South Korean think tank and media entities. In this campaign, the group leveraged the GoldDragon backdoor and its associated C2 cluster.
Key Takeaways