Over the last two weeks, Varonis Threat Labs has observed one such RaaS provider, ALPHV (aka BlackCat ransomware), gaining traction since late 2021, actively recruiting new affiliates and targeting organizations across multiple sectors worldwide. In addition, we observed KONNI, a Remote Administration Tool that has been used for at least 8 years. The North Korean threat actor using this piece of malware has been identified under the Kimsuky umbrella.
For more articles, check out our #onpatrol4malware blog.
Cryptocurrencies: tracing the evolution of criminal finances
Source: Europol
Europol has undertaken an analysis of the criminal use of cryptocurrencies to support law enforcement and its response. The resultant report contains core definitions, case examples, and details of the challenges authorities face in combating the illicit use of cryptocurrency. Read more.
KONNI evolves into stealthier RAT
Source: MalwarebytesLab
KONNI is a Remote Administration Tool that has been used for at least 8 years. The North Korean threat actor using this piece of malware has been identified under the Kimsuky umbrella. Read more.
ALPHV (BlackCat) Ransomware
Source: Varonis
Varonis Threat Labs has observed one such RaaS provider, ALPHV (aka BlackCat ransomware), gaining traction since late 2021, actively recruiting new affiliates and targeting organizations across multiple sectors worldwide. Read more.
North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
Source: MalwarebytesLab
MalwarebytesLab provides a technical analysis of this latest attack, including a clever use of Windows Update to execute the malicious payload and GitHub as a command and control server. We have reported the rogue GitHub account for harmful content. Read more.
Threat actor of in-Tur-est
Source: pwc
PwC observed a phishing page that prompted an investigation into a new threat actor we now call ‘White Tur’. Per our in-house naming convention for threat actors, the use of the colour ‘White’ indicates that we have not yet formally attributed White Tur as being based in a specific geographic location. Read more.
Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign
Source: CrowdStrike
StellarParticle, an adversary campaign associated with COZY BEAR, was active throughout 2021 leveraging novel tactics and techniques in supply chain attacks observed by CrowdStrike incident responders. Read more.
TrickBot Bolsters Layered Defenses to Prevent Injection Research
Source: SecurityIntelligence
The cybercrime gang that operates the TrickBot Trojan, as well as other malware and ransomware attacks, has been escalating activity. As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through security controls. Read more.