This report reflects on the key threats that emerged or expanded in the 4th quarter of 2020.

This report provides a look into FIN11, a financially motivated threat group that has conducted some of the largest and longest running malware distribution campaigns to date.

A detailed technical analysis of the Kingminer botnet malware, including the C&C network, infection vectors, payload, and auxiliary components.

This is the threat landscape report from Fortinet for the 4th quarter of 2019. It goes into changes in this quarter, including threat detection changes and attack changes.

This report takes a look at a new global campaign targeting nuclear, defense, energy, and financial companies.

Fidelis Threat Research analysts have discovered a new version of ThreadKit, malware notorious for it’s use by the cybercrime organization known as Cobalt Group. This report will provide analysis of a recent campaign, seen October 30th , utilizing the Cobalt Group malware frameworks. Cobalt Group was believed to have suffered a hit earlier this year[1] with the reported arrest of one of its members. After the arrest, the campaigns appear to have slowed significantly however despite this, there has been continued development concerning the groups malware framework.

Unit 42 has discovered a persistent attack campaign operating primarily in the Middle East dating back to at least mid-2016 which we have named Magic Hound. This appears to be an attack campaign focused on espionage. We were able to collect over fifty samples of the tools used by the Magic Hound campaign using the AutoFocus threat intelligence tool. The earliest malware sample we were able to collect had a compile timestamp in May 2016. The samples themselves ranged from IRC bots, an open source Python remote access tool, malicious macros, and others. It is believed the use of specific tools may have coincided with specific attack waves by this adversary, with the most recent attacks using weaponized Microsoft Office documents with malicious macros. Due to the large amount of data collected, and limitations on attack telemetry, this blog will focus primarily on the most recent attacks occurring in the latter half of 2016.

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013.

This post discusses the reports of open-source developers receiving malicious emails.

In this blog we will detail our discovery of the next two versions of MM Core, namely “BigBoss” (2.2-LNK) and “SillyGoose” (2.3-LNK). Attacks using “BigBoss” appear likely to have occurred since mid-2015, whereas “SillyGoose” appears to have been distributed since September 2016. Both versions still appear to be active.

CyberX has discovered a new, large-scale cyber-reconnaissance operation targeting a broad range of targets in the Ukraine. Because it eavesdrops on sensitive conversations by remotely controlling PC microphones – in order to surreptitiously “bug” its targets – and uses Dropbox to store exfiltrated data, CyberX has named it “Operation BugDrop.”

From April 2016 until at least February 2017, attackers have been spreading malware via fake Facebook profiles and pages, breached websites, self-hosted and cloud based websites. Various artifacts indicate that the main target of this campaign is IEC – Israel Electric Company. These include domains, file names, Java package names, and Facebook activity. We dubbed this campaign “Operation Electric Powder“.

Released in 2017, this report details the cyberthreats that Minerva dealt with in 2016.

The Blackmoon Banking Trojan was thought to be shut down in 2016. However, it has re-emerged. This paper provides a brief analysis of the revamped trojan.

This special report analyzes Email and the threats that occur in that environment.

This report takes a look at ATP28 a recognized state sponsored threat actor operating out of Russia.

This report takes a look at a North Korean CyberEspionage Groub.

Get a threat outlook for high tech and IT sectors as their relevance to economic, intelligence and security concerns make them more valuable targets.

This report from the Ahn Lab Security Emergency Response Center provides a review of various Cyber events that took place in the 1st QTR of 2017.

This monthly threat report takes a look at the month of January 2018. Specifically, it looks at two VULNS, the hacking of nuclear weapons, and the increase in suspected Chinese Cyber activity.

This report provides analysis and information related to Joao Malware which has attacked video gamers.