Cobalt Strike

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

Malware Analysis

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

Elastic Security Labs has uncovered a sophisticated malware campaign targeting Iraq’s telecommunications sector, utilizing a new malware...

Hijacked npm Packages Used to Steal API Keys via Obfuscated Scripts

Threat Intelligence

Hijacked npm Packages Used to Steal API Keys via Obfuscated Scripts

Cybersecurity researchers have uncovered a campaign involving hijacked npm packages, some over nine years old, that were...

Critical Microsoft Exchange Vulnerability Exploited in Phishing Campaigns Targeting Russian Entities

Threat Intelligence

Critical Microsoft Exchange Vulnerability Exploited in Phishing Campaigns Targeting Russian Entities

Security researchers have identified active exploitation of a high-severity Microsoft Exchange vulnerability (CVE-2023-XXXX) in targeted phishing campaigns...

INTERPOL’s Global Cybercrime Crackdown: 306 Arrested, 1,842 Devices Seized

APT-News

INTERPOL’s Global Cybercrime Crackdown: 306 Arrested, 1,842 Devices Seized

In a coordinated international operation, INTERPOL has arrested 306 suspects and seized 1,842 electronic devices in a...

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

CVE News

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

A newly identified threat, Trojan.W97M.CVE202140444.A, exploits a critical Microsoft Office vulnerability (CVE-2021-40444) to execute remote code through...

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Malware Analysis

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Ransom.Win64.CONTI.AA, a variant of the notorious Conti ransomware family, remains a significant threat to Windows systems despite...

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Malware Analysis

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Trojan.W97M.EMOTET.SMI is a variant of the notorious Emotet malware, primarily spread through malicious Microsoft Office documents. Despite...

Chinese APT Earth Baxia Targets APAC with GeoServer Exploits and Sophisticated Malware

APT-News

Chinese APT Earth Baxia Targets APAC with GeoServer Exploits and Sophisticated Malware

A China-linked advanced persistent threat group known as Earth Baxia has been conducting targeted attacks against government...

Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….

Fig. 1 – A screenshot showing the results of Get-InjectedThreadEx scanning a process into which a 4.11 Beacon has just been injected.

C2-Updates

Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….

DNS Over HTTPS Beacon The new DoH implementation blends DNS C2 with legitimate web traffic: Default configuration...

Cobalt Strike

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

Hijacked npm Packages Used to Steal API Keys via Obfuscated Scripts

Critical Microsoft Exchange Vulnerability Exploited in Phishing Campaigns Targeting Russian Entities

INTERPOL’s Global Cybercrime Crackdown: 306 Arrested, 1,842 Devices Seized

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Chinese APT Earth Baxia Targets APAC with GeoServer Exploits and Sophisticated Malware

Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….

You may have missed

Hong Kong Data Breach: 128,000 Records Exposed Due to System Neglect and Outdated Infrastructure

Oracle’s SaaS Breach Cover-Up Exposed: Evidence Contradicts Denials

National Defense Corporation Ransomware Attack: Breach Disclosed, Ransom Refused

Lucid PhaaS Platform Targets iOS and Android Users via iMessage and RCS