
2023-11-15FortinetAndrew Nicchi, John Simmons, Amey Gat, Mark Robson
% Fortinet blog post on the Rhysida ransomware, dated 2023-11-15 and accessed 2023-11-22.
% The tag line that follows this entry on the page reads: Rhysida
@online{nicchi:20231115:investigating:f9d3365,
  author       = {Nicchi, Andrew and Simmons, John and Gat, Amey and Robson, Mark},
  title        = {{Investigating the New Rhysida Ransomware}},
  organization = {Fortinet},
  date         = {2023-11-15},
  url          = {https://www.fortinet.com/blog/threat-research/investigating-the-new-rhysida-ransomware},
  urldate      = {2023-11-22},
  language     = {English},
}
Investigating the New Rhysida Ransomware
Rhysida
2023-10-10MandiantMichael Barnhart, Austin Larsen, JEFF JOHNSON, Taylor Long, Michelle Cantos, Adrian Hernandez
% Mandiant assessment of North Korea's cyber structure, dated and accessed 2023-10-10.
% Author names written in capitals are kept as the listing gives them.
% The tag line that follows this entry on the page reads: TraderTraitor
@online{barnhart:20231010:assessed:258e711,
  author       = {Barnhart, Michael and Larsen, Austin and JOHNSON, JEFF
                  and Long, Taylor and Cantos, Michelle and Hernandez, Adrian},
  title        = {{Assessed Cyber Structure and Alignments of North Korea in 2023}},
  organization = {Mandiant},
  date         = {2023-10-10},
  url          = {https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023},
  urldate      = {2023-10-10},
  language     = {English},
}
Assessed Cyber Structure and Alignments of North Korea in 2023
TraderTraitor
2023-09-28Ransomware.orgJohn E. Dunn
% Ransomware.org article on the Scattered Spider group, dated 2023-09-28 and accessed 2023-11-17.
% The title holds a typographic apostrophe (non-ASCII), kept as listed.
@online{dunn:20230928:scattered:cf9e5dc,
  author       = {Dunn, John E.},
  title        = {{The Scattered Spider Ransomware Group’s Secret Weapons? Social Engineering and Fluent English}},
  organization = {Ransomware.org},
  date         = {2023-09-28},
  url          = {https://ransomware.org/blog/the-scattered-spider-ransomwares-secret-weapons-social-engineering-and-fluent-english/},
  urldate      = {2023-11-17},
  language     = {English},
}
The Scattered Spider Ransomware Group’s Secret Weapons? Social Engineering and Fluent English
2023-06-15MandiantAustin Larsen, John Palmisano, Mathew Potaczek, John Wolfram, Matthew McWhirt
% Mandiant report on exploitation of the Barracuda ESG zero-day (CVE-2023-2868, as named in the title).
% Dated 2023-06-15, accessed 2023-06-19.
% The tag line that follows this entry on the page reads: SALTWATER SEASPY
@online{larsen:20230615:barracuda:f81b131,
  author       = {Larsen, Austin and Palmisano, John and Potaczek, Mathew
                  and Wolfram, John and McWhirt, Matthew},
  title        = {{Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China}},
  organization = {Mandiant},
  date         = {2023-06-15},
  url          = {https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally},
  urldate      = {2023-06-19},
  language     = {English},
}
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
SALTWATER SEASPY
2023-05-26Trend MicroSarah Pearl Camiling, Paul John Bardon
% Trend Micro research post on the Bandit Stealer info stealer, dated 2023-05-26 and accessed 2023-08-01.
% The tag line that follows this entry on the page reads: Bandit Stealer
@online{camiling:20230526:new:3fe96ae,
  author       = {Camiling, Sarah Pearl and Bardon, Paul John},
  title        = {{New Info Stealer Bandit Stealer Targets Browsers, Wallets}},
  organization = {Trend Micro},
  date         = {2023-05-26},
  url          = {https://www.trendmicro.com/en_in/research/23/e/new-info-stealer-bandit-stealer-targets-browsers-wallets.html},
  urldate      = {2023-08-01},
  language     = {English},
}
New Info Stealer Bandit Stealer Targets Browsers, Wallets
Bandit Stealer
2023-04-20MandiantJEFF JOHNSON, Fred Plan, ADRIAN SANCHEZ, RENATO FONTANA, Jake Nicastro, Dimiter Andonov, Marius Fodoreanu, DANIEL SCOTT
% Mandiant report on the 3CX software supply chain compromise, dated 2023-04-20 and accessed 2023-04-25.
% Author names written in capitals are kept as the listing gives them.
% The tag line that follows this entry on the page reads: POOLRAT IconicStealer
@online{johnson:20230420:3cx:9ef2c90,
  author       = {JOHNSON, JEFF and Plan, Fred and SANCHEZ, ADRIAN and FONTANA, RENATO
                  and Nicastro, Jake and Andonov, Dimiter and Fodoreanu, Marius
                  and SCOTT, DANIEL},
  title        = {{3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible}},
  organization = {Mandiant},
  date         = {2023-04-20},
  url          = {https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise},
  urldate      = {2023-04-25},
  language     = {English},
}
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
POOLRAT IconicStealer
2023-04-18CitizenLabBill Marczak, John Scott-Railton, Bahr Abdul Razzak, Ron Deibert
% CitizenLab report on NSO Group's Pegasus spyware and iOS 15/16 zero-click exploit chains.
% Dated and accessed 2023-04-18. The title holds a typographic apostrophe (non-ASCII), kept as listed.
@online{marczak:20230418:triple:c523e60,
  author       = {Marczak, Bill and Scott-Railton, John and Razzak, Bahr Abdul and Deibert, Ron},
  title        = {{Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains}},
  organization = {CitizenLab},
  date         = {2023-04-18},
  url          = {https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/},
  urldate      = {2023-04-18},
  language     = {English},
}
Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains
2023-03-30Huntress LabsJohn Hammond
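% Huntress Labs post on the 3CX VoIP software compromise, dated 2023-03-30 and accessed 2023-04-02.
% The ampersand in the title is escaped as \& because a bare one is read by LaTeX as an
% alignment tab and stops the bibliography from typesetting.
% The tag line that follows this entry on the page reads: 3CX Backdoor
@online{hammond:20230330:3cx:bba6690,
  author       = {Hammond, John},
  title        = {{3CX VoIP Software Compromise \& Supply Chain Threats}},
  organization = {Huntress Labs},
  date         = {2023-03-30},
  url          = {https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats},
  urldate      = {2023-04-02},
  language     = {English},
}
3CX VoIP Software Compromise & Supply Chain Threats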
3CX Backdoor
2023-03-30IBMJohn Dwyer, Fred Chidsey, Joseph Lozowski
% IBM X-Force post hosted on securityintelligence.com, dated 2023-03-30 and accessed 2023-04-06.
% The tag line that follows this entry on the page reads: Silence
@online{dwyer:20230330:xforce:75bb496,
  author       = {Dwyer, John and Chidsey, Fred and Lozowski, Joseph},
  title        = {{X-Force Prevents Zero Day from Going Anywhere}},
  organization = {IBM},
  date         = {2023-03-30},
  url          = {https://securityintelligence.com/posts/x-force-prevents-zero-day-from-going-anywhere},
  urldate      = {2023-04-06},
  language     = {English},
}
X-Force Prevents Zero Day from Going Anywhere
Silence
2023-03-28MandiantFred Plan, Van Ta, Michael Barnhart, Jeffery Johnson, Dan Perez, JOE DOBSON
% Mandiant blog post on APT43, dated 2023-03-28 and accessed 2023-08-11.
% A second entry, plan:20230328:apt43:2cb37c1, carries the same title and date with a different URL.
% The tag line that follows this entry on the page reads: APT43
@online{plan:20230328:apt43:878de2c,
  author       = {Plan, Fred and Ta, Van and Barnhart, Michael and Johnson, Jeffery
                  and Perez, Dan and DOBSON, JOE},
  title        = {{APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations}},
  organization = {Mandiant},
  date         = {2023-03-28},
  url          = {https://www.mandiant.com/resources/blog/apt43-north-korea-cybercrime-espionage},
  urldate      = {2023-08-11},
  language     = {English},
}
APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations
APT43
2023-03-28MandiantFred Plan, Van Ta, Michael Barnhart, JEFF JOHNSON, Dan Perez, JOE DOBSON
% Mandiant APT43 report hosted on mandiant.widen.net, dated 2023-03-28 and accessed 2023-04-25.
% Same title and date as plan:20230328:apt43:878de2c; the URL differs, and one author
% is spelled "JEFF JOHNSON" here and "Jeffery Johnson" there.
% The tag line that follows this entry on the page reads: APT43 Kimsuky
@online{plan:20230328:apt43:2cb37c1,
  author       = {Plan, Fred and Ta, Van and Barnhart, Michael and JOHNSON, JEFF
                  and Perez, Dan and DOBSON, JOE},
  title        = {{APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations}},
  organization = {Mandiant},
  date         = {2023-03-28},
  url          = {https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report},
  urldate      = {2023-04-25},
  language     = {English},
}
APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations
APT43 Kimsuky
2023-03-20SecurityIntelligenceJohn Dwyer
% SecurityIntelligence article on defensive considerations for Lazarus FudModule.
% Dated 2023-03-20, accessed 2023-03-21.
% The tag line that follows this entry on the page reads: FudModule
@online{dwyer:20230320:when:3f1345c,
  author       = {Dwyer, John},
  title        = {{When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule}},
  organization = {SecurityIntelligence},
  date         = {2023-03-20},
  url          = {https://securityintelligence.com/posts/defensive-considerations-lazarus-fudmodule/},
  urldate      = {2023-03-21},
  language     = {English},
}
When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule
FudModule
2023-03-16MandiantAlexander Marvi, BRAD SLAYBAUGH, DAN EBREO, Tufail Ahmed, Muhammad Umair, TINA JOHNSON
% Mandiant report on a Fortinet zero-day and custom malware, dated 2023-03-16 and accessed 2023-04-22.
% Author names written in capitals are kept as the listing gives them.
% The tag line that follows this entry on the page reads: UNC3886
@online{marvi:20230316:fortinet:d6ae40c,
  author       = {Marvi, Alexander and SLAYBAUGH, BRAD and EBREO, DAN
                  and Ahmed, Tufail and Umair, Muhammad and JOHNSON, TINA},
  title        = {{Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation}},
  organization = {Mandiant},
  date         = {2023-03-16},
  url          = {https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem},
  urldate      = {2023-04-22},
  language     = {English},
}
Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
UNC3886
2023-03-07TrellixPham Duy Phuc, Raghav Kapoor, John Fokker, Alejandro Houspanossian, Mathanraj Thangaraju
% Trellix research story on Qakbot distribution via OneNote, dated 2023-03-07 and accessed 2023-03-13.
% The first author is split as surname "Phuc", matching the citation key and the
% way the original "Pham Duy Phuc" is parsed.
% The tag line that follows this entry on the page reads: QakBot
@online{phuc:20230307:qakbot:a1aef8e,
  author       = {Phuc, Pham Duy and Kapoor, Raghav and Fokker, John
                  and Houspanossian, Alejandro and Thangaraju, Mathanraj},
  title        = {{Qakbot Evolves to OneNote Malware Distribution}},
  organization = {Trellix},
  date         = {2023-03-07},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/research/qakbot-evolves-to-onenote-malware-distribution.html},
  urldate      = {2023-03-13},
  language     = {English},
}
Qakbot Evolves to OneNote Malware Distribution
QakBot
2023-01-24TrellixDaksh Kapur, Tomer Shloman, Robert Venal, John Fokker
% Trellix research story on cyberattacks targeting Ukraine, dated 2023-01-24 and accessed 2023-01-25.
% The tag line that follows this entry on the page reads: Andromeda Formbook Houdini Remcos
@online{kapur:20230124:cyberattacks:0a05372,
  author       = {Kapur, Daksh and Shloman, Tomer and Venal, Robert and Fokker, John},
  title        = {{Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity}},
  organization = {Trellix},
  date         = {2023-01-24},
  url          = {https://www.trellix.com/en-us/about/newsroom/stories/research/cyberattacks-targeting-ukraine-increase.html},
  urldate      = {2023-01-25},
  language     = {English},
}
Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity
Andromeda Formbook Houdini Remcos
2023-01-05MandiantSarah Hawley, Gabby Roncone, Tyler McLellan, Eduardo Mattos, John Wolfram
% Mandiant blog post on Turla, dated and accessed 2023-01-05.
% The tag line that follows this entry on the page reads: KopiLuwak Andromeda QUIETCANARY
@online{hawley:20230105:turla:f1d8f9b,
  author       = {Hawley, Sarah and Roncone, Gabby and McLellan, Tyler
                  and Mattos, Eduardo and Wolfram, John},
  title        = {{Turla: A Galaxy of Opportunity}},
  organization = {Mandiant},
  date         = {2023-01-05},
  url          = {https://www.mandiant.com/resources/blog/turla-galaxy-opportunity},
  urldate      = {2023-01-05},
  language     = {English},
}
Turla: A Galaxy of Opportunity
KopiLuwak Andromeda QUIETCANARY
2022-12-16AonJohn Ailes, Julia Paluch
% Aon Cyber Labs post on safe senders and SCL -1, dated 2022-12-16 and accessed 2023-05-02.
@online{ailes:20221216:scl:c31cce9,
  author       = {Ailes, John and Paluch, Julia},
  title        = {{SCL -1: The Dangerous Side Of Safe Senders}},
  organization = {Aon},
  date         = {2022-12-16},
  url          = {https://www.aon.com/cyber-solutions/aon_cyber_labs/scl-1-the-dangerous-side-of-safe-senders/},
  urldate      = {2023-05-02},
  language     = {English},
}
SCL -1: The Dangerous Side Of Safe Senders
2022-11-28MandiantRyan Tomcik, John Wolfram, Tommy Dacanay, Geoff Ackerman
% Mandiant report on China-nexus espionage in Southeast Asia, dated 2022-11-28 and accessed 2022-12-02.
% The tag line that follows this entry on the page reads: BLUEHAZE DARKDEW MISTCLOAK
@online{tomcik:20221128:always:f073a0d,
  author       = {Tomcik, Ryan and Wolfram, John and Dacanay, Tommy and Ackerman, Geoff},
  title        = {{Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia}},
  organization = {Mandiant},
  date         = {2022-11-28},
  url          = {https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia},
  urldate      = {2022-12-02},
  language     = {English},
}
Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
BLUEHAZE DARKDEW MISTCLOAK
2022-10-09DataBreaches.netDissent
% DataBreaches.net article on Johnson Fitness and Wellness and the DESORDEN Group.
% Dated 2022-10-09, accessed 2023-11-27. The author is given as the single name "Dissent".
@online{dissent:20221009:johnson:159d164,
  author       = {Dissent},
  title        = {{Johnson Fitness and Wellness hit by DESORDEN Group}},
  organization = {DataBreaches.net},
  date         = {2022-10-09},
  url          = {https://www.databreaches.net/johnson-fitness-and-wellness-hit-by-desorden-group/},
  urldate      = {2023-11-27},
  language     = {English},
}
Johnson Fitness and Wellness hit by DESORDEN Group
2022-10-06AonAndre Maccarone, John Ailes, Chapin Bryce
% Aon Cyber Labs post on the cost of data exfiltration in Amazon Web Services.
% Dated 2022-10-06, accessed 2023-05-02.
@online{maccarone:20221006:amazon:2723756,
  author       = {Maccarone, Andre and Ailes, John and Bryce, Chapin},
  title        = {{Amazon Web Services: Exploring The Cost Of Exfil}},
  organization = {Aon},
  date         = {2022-10-06},
  url          = {https://www.aon.com/cyber-solutions/aon_cyber_labs/amazon-web-services-exploring-the-cost-of-exfil/},
  urldate      = {2023-05-02},
  language     = {English},
}
Amazon Web Services: Exploring The Cost Of Exfil