2023-01-17 ⋅ Trend Micro ⋅ Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures NjRAT |
2022-09-30 ⋅ ESET Research ⋅ Lazarus & BYOVD: evil to the Windows core FudModule |
2022-09-30 ⋅ ESET Research ⋅ Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium BLINDINGCAN FudModule |
2022-07-19 ⋅ Palo Alto Networks Unit 42 ⋅ Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive Cobalt Strike EnvyScout Gdrive |
2022-07-14 ⋅ Sophos ⋅ BlackCat ransomware attacks not merely a byproduct of bad luck BlackCat BlackCat |
2022-07-05 ⋅ Palo Alto Networks Unit 42 ⋅ When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors |
2022-06-06 ⋅ NCC Group ⋅ Shining the Light on Black Basta Black Basta |
2022-05-20 ⋅ nccgroup ⋅ Metastealer – filling the Racoon void MetaStealer |
2022-04-12 ⋅ Sophos ⋅ Attackers linger on government agency computers before deploying Lockbit ransomware LockBit |
2021-12-22 ⋅ Sophos ⋅ Avos Locker remotely accesses boxes, even running in Safe Mode AvosLocker |
2021-12-20 ⋅ IronNet ⋅ Detecting anomalous network traffic resulting from a successful Log4j attack |
2021-12-02 ⋅ Palo Alto Networks Unit 42 ⋅ APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus Godzilla Webshell |
2021-11-29 ⋅ Certitude ⋅ Unpatched Exchange Servers distribute Phishing Links (SquirrelWaffle) Squirrelwaffle |
2021-11-16 ⋅ IronNet ⋅ How IronNet's Behavioral Analytics Detect REvil and Conti Ransomware Cobalt Strike Conti IcedID REvil |
2021-11-07 ⋅ Palo Alto Networks Unit 42 ⋅ Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer Godzilla Webshell NGLite |
2021-10-12 ⋅ IronNet ⋅ Continued Exploitation of CVE-2021-26084 |
2021-10-07 ⋅ Palo Alto Networks Unit 42 ⋅ SilverTerrier – Nigerian Business Email Compromise |
2021-09-29 ⋅ Trend Micro ⋅ FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal Formbook |
2021-09-03 ⋅ Sophos ⋅ Conti affiliates use ProxyShell Exchange exploit in ransomware attacks Cobalt Strike Conti |
2021-08-05 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access Conti |