#StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability

CISA and FBI released a joint Cybersecurity Advisory (CSA) CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This joint guide provides indicators of compromise (IOCs) and tactics, techniques, and procedures Read More …

Clop ransomware uses TrueBot malware for access to networks

Security researchers have noticed a spike in devices infected with the TrueBot malware downloader created by a Russian-speaking hacking group known as Silence. The Silence group is known for its big heists against financial institutions, and has begun to shift Read More …

Threat Assessment: Clop Ransomware

Unit 42 researchers have observed an uptick in Clop ransomware activity affecting the wholesale and retail, transportation and logistics, education, manufacturing, engineering, automotive, energy, financial, aerospace, telecommunications, professional and legal services, healthcare and high tech industries in the U.S., Europe, Read More …

ZeroLogon: Ransomware gang now using critical Windows flaw in attacks

Microsoft is warning that cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks. The alert comes after the company noticed ongoing attacks from cyber-espionage group MuddyWater (SeedWorm) in the second half of September. This time, Read More …

Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi

Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as United Arab Emirates and Saudi Arabia, Read More …

TA505 Crime Gang Debuts Brand-New ServHelper Backdoor

The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions. A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader Read More …

Bad Actors Sizing Up Systems Via Lightweight Recon Malware

These stealthy downloaders initially infect systems and then only install additional malware on systems of interest. Well-known financial crime gang Cobalt Group and other threat actors have recently shifted tactics to incorporate lightweight modular downloaders that “vet” target machines for Read More …