Ransomware: February 2022 review
The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this February 2022 ransomware review, we go over some of the most...
Double header: IsaacWiper and CaddyWiper
As war in Ukraine rages, new destructive malware continues to be discovered. In this short blog post, we will review IsaacWiper and CaddyWiper, two new wipers that do not have much in common based on...
New spear phishing campaign targets Russian dissidents
This blog post was authored by Hossein Jazi. Updated to clarify the two different campaigns (Cobalt Strike and RAT). Several threat actors have taken advantage of the war in Ukraine to launch a...
New UAC-0056 activity: There’s a Go Elephant in the room
This blog post was authored by Ankur Saini, Roberto Santos and Hossein Jazi. UAC-0056 also known as SaintBear, UNC2589 and TA471 is a cyber espionage actor that has been active since early 2021 and...
Colibri Loader combines Task Scheduler and PowerShell in clever persistence...
This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura. Updates (2022-04-07): added MITRE ATT&CK mappings; changed the name of the final payload...
Ransomware: March 2022 review
The Malwarebytes Threat Intelligence team continuously monitors the threat landscape to stay on top of existing and emerging attacks. In this March 2022 ransomware review, we go over some of the most...
Nigerian Tesla: 419 scammer gone malware distributor unmasked
Agent Tesla is a well-known data stealer written in .NET that has been active since 2014 and is perhaps one of the most popular payloads observed in malspam campaigns. While looking for threats...
Ransomware: April 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. April 2022...
APT34 targets Jordan Government using new Saitama backdoor
On April 26th, we identified a suspicious email that targeted a government official from Jordan’s foreign ministry. The email contained a malicious Excel document that drops a new backdoor named...
Custom PowerShell RAT targets Germans seeking information about the Ukraine...
This blog post was authored by Hossein Jazi and Jérôme Segura. Populations around the world, and in Europe in particular, are following the crisis in Ukraine very closely, and with events unfolding on a...
Unknown APT group has targeted Russia repeatedly since Ukraine invasion
An unknown Advanced Persistent Threat (APT) group has targeted Russian government entities with at least four separate spear phishing campaigns since late February, 2022. The campaigns, discovered by...
FAQ: Mitigating Microsoft Office’s ‘Follina’ zero-day
On Monday May 30, 2022, Microsoft issued CVE-2022-30190 for a zero-day remote code execution vulnerability, ‘Follina’, already being exploited in the wild via malicious Word documents. Q: What exactly is...
Ransomware: May 2022 review
The Malwarebytes Threat Intelligence team monitors the threat landscape continuously and produces monthly ransomware reports based on a mixture of proprietary and open-source intelligence. Conti...
MakeMoney malvertising campaign adds fake update template
Malware authors and distributors are following the ebbs and flows of the threat landscape. One campaign we have tracked for a number of years recently introduced a new scheme to possibly completely...
Taking down the IP2Scam tech support campaign
Tech support scams follow a simple business model that has not changed much over the years. After all, why change a recipe that continues to yield large profits? We see countless such campaigns and...
Client-side Magecart attacks still around, but more covert
This blog post was authored by Jérôme Segura. We have seen and heard less buzz about ‘Magecart’ during the past several months. While some companies continue to rehash the same breaches of yesteryear,...
Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine
This blog post was authored by Hossein Jazi and Roberto Santos. In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting...
Ransomware review: June 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents...
Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest...
This blog was authored by Roberto Santos and Hossein Jazi. The Malwarebytes Threat Intelligence team recently reviewed a series of cyber attacks against Ukraine that we attribute with high confidence...
Google ads lead to major malvertising campaign
Fraudsters have long been leveraging the shady corners of the internet to place malicious adverts, leading users to various scams. However, every now and again we see a campaign that goes mainstream...