Emotet now drops Cobalt Strike, fast forwards ransomware attacks

In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent. Emotet is a malware infection that spreads through spam emails containing malicious Word or Read More …

Recycled Cobalt Strike key pairs show many crooks are using same cloned installation

Around 1,500 Cobalt Strike beacons uploaded to VirusTotal were reusing the same RSA keys from a cracked version of the software, according to a security researcher who pored through the malware repository. The discovery could make blue teams’ lives easier Read More …

Case Study: From BazarLoader to Network Reconnaissance

BazarLoader is Windows-based malware spread through various methods involving email. These infections provide backdoor access that criminals use to determine whether the host is part of an Active Directory (AD) environment. If so, criminals deploy Cobalt Strike and perform reconnaissance Read More …

BlackBerry ties malware campaign targeting victims in India to Chinese cyberespionage group

The BlackBerry Research & Intelligence team released a new report on Tuesday linking disparate malware campaigns to Chinese cyberespionage group APT41, noting that the group has been taking advantage of Cobalt Strike activity using a bespoke Malleable C2 Profile that Read More …

Hacker-made Linux Cobalt Strike beacon used in ongoing attacks

An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide. Cobalt Strike is a legitimate penetration testing tool designed as an attack Read More …

FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020

The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations since at least November 2020 as a ransomware affiliate. The US federal law enforcement agency shared Read More …

Conti ransomware prioritizes revenue and cyberinsurance data theft

Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software and seek out cyber insurance policies. Earlier this month, a disgruntled affiliate posted to a hacking forum the Read More …