This report discusses a key issue in a Malware-centric defense approach; it will leave you vulnerable to attacks that don’t leverage malware. (more available)

This paper discuses a particular Business Email Compromise that has appeared out of Nigeria.

In this survey of 40 CISO’s from major financial institutions, revealed trends in lateral movement, counter incident response, integrity attacks and the most concerning threat actors organizations face. (more available)

This paper takes a look at several bespoke backdoors deployed by OceanLotus Group, as well as evidence of the threat actor using obfuscated CobaltStrik Beacon payloads to perform C2. (more available)

Fidelis Threat Research analysts have discovered a new version of ThreadKit, malware notorious for it’s use by the cybercrime organization known as Cobalt Group. (more available)

This report provides a summary of OverWatch’s findings from intrusion hunting during the first half (January through June) of 2018. It reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. (more available)

The purpose of this document is to briefly describe the features of Necurs malware. During the analysis, we have been able to identify the different “features” and “capabilities” of the Necurs malware. (more available)

A trade war with China. A fragile agreement with North Korea. A growing fear of Russian hackers. Ahead of the 2018 U. (more available)

On April 20, Proofpoint observed a targeted campaign focused on financial analysts working at top global financial firms operating in Russia and neighboring countries. (more available)

In mid-July, Palo Alto Networks Unit 42 identified a small targeted phishing campaign aimed at a government organization. While tracking the activities of this campaign, we identified a repository of additional malware, including a web server that was used to host the payloads used for both this attack as well as others. (more available)

Palo Alto Networks Unit 42 has identified a series of phishing emails containing updated versions of the previously discussed CMSTAR malware family targeting various government entities in the country of Belarus. (more available)

Unit 42 has identified malware with recent compilation and distribution timestamps that has code, infrastructure, and themes overlapping with threats described previously in the Operation Blockbuster report, written by researchers at Novetta. (more available)

Unit 42 has been closely tracking the OilRig threat group since May 2016. One technique we’ve been tracking with this threat group is their use of the Clayslide delivery document as attachments to spear-phishing emails in attacks since May 2016. (more available)

Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named Magic Hound. (more available)

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013. (more available)

This post discusses the reports of open-source developers receiving malicious emails.

The DragonOK group has been actively launching attacks for years. We first discussed them in April 2015 when we witnessed them targeting a number of organizations in Japan. (more available)

This report provides new intelligence by the NCSC on two tools used by the Turla group to target the UK. It contains IOCs and signatures for detection by network defenders. (more available)

Using data collected from the Lookout global sensor network, the Lookout research team was able to gain unique visibility into the ViperRAT malware, including 11 new, unreported applications. (more available)

In this Kingslayer post-mortem report, RSA Research describes a sophisticated software application supply chain attack that may have otherwise gone unnoticed by its targets. (more available)

This report provides new insights into the Shamoon 2.0 and StoneDrill attacks, including: 1. The discovery techniques and strategies we used for Shamoon and StoneDrill. (more available)