In the second half of April, we noticed a growing wave of cyber attacks. Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links.
For more articles, check out our #onpatrol4malware blog.

Investigating a unique “form” of email delivery for IcedID malware
Source: Microsoft
Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. Read more.

BazarLoader deploys a pair of novel spam vectors
Source: SophosNews
Several waves of a spam-driven malware campaign that began in January leveraged the name recognition of remote-work collaboration tools like Slack and BaseCamp in links to malware. Read more.

Lazarus BTC Changer
Source: Group IB
In the last five years, JavaScript sniffers have grown into one of the most dangerous threats for e-commerce businesses. The simple nature of such attacks combined with the use of malicious JavaScript. Read more.

Hackers Flood the Web with 100,000 Malicious Pages, Promising Professionals Free Business Forms, But Delivering Malware
Source: eSentire
eSentire, a leading cybersecurity solutions provider, reported today that business professionals are currently being lured to hacker-controlled websites, hosted on Google Sites, and inadvertently installing a known, emerging Remote Access Trojan (RAT). Read more.

Ransom Mafia. Analysis of the world’s first ransomware cartel.
Source: Analyst1
In February 2021, a multinational law enforcement task-force arrested several Ukrainian men for supporting a long-standing ransomware gang known as Twisted Spider. The gang, first seen in May 2019, is behind high-dollar enterprise ransomware attacks. Read more.

Transparent Tribe APT Infrastructure Mapping
Source: Team Cymru
Transparent Tribe (APT36, Mythic Leopard, ProjectM, Operation C-Major) is the name given to a threat actor group largely targeting Indian entities and assets. Read more.

A Deep Dive into Zebrocy’s Dropper Docs
Source: SentinelLabs
Sofacy is an APT threat actor that’s been around since 2008 and rose to prominence with the election hacks of 2016. Better known as FancyBear or APT28. Read more.

Nearly half of malware now use TLS to conceal communications
Source: SophosNews
Transport Layer Security has been one of the greatest contributors to the privacy and security of Internet communications over the past decade. Read more.