Month: December 2024
-
Recent Cases of Watering Hole Attacks, Part 1
This analysis focuses on a watering hole attack targeting a Japanese university research laboratory website in 2023. The attack used…
-
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
Aqua Nautilus researchers uncovered a new attack vector where threat actors exploit misconfigured JupyterLab and Jupyter Notebook applications to hijack…
-
Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks
Earth Koshchei, an APT group suspected to be sponsored by the Russian SVR, executed a large-scale rogue RDP campaign targeting…
-
CoinLurker: The Stealer Powering the Next Generation of Fake Updates
CoinLurker is a sophisticated stealer designed to exfiltrate data while evading detection. Written in Go, it employs advanced obfuscation and…
-
New Yokai Sideloaded Backdoor Targets Thai Officials
A new backdoor named Yokai has been discovered targeting Thai officials. The malware is distributed via RAR files containing shortcut…
-
Widespread Exploitation of Cleo File Transfer Software
Critical vulnerabilities in Cleo file transfer products, including VLTrader, Harmony, and LexiCom, are being actively exploited. Initially stemming from an…
-
Declawing PUMAKIT
PUMAKIT is a sophisticated multi-stage Linux malware consisting of a dropper, memory-resident executables, an LKM rootkit, and a userland rootkit.…
-
Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation
This analysis examines HeartCrypt, a new packer-as-a-service (PaaS) used to protect malware. Developed since July 2023 and launched in February…