Cybercrime, Quakbot exploits malicious xls armed with SilentBuilder
The latest signed campaign uses SHOECORP LIMITED corporate certificates to trick anti-viruses and download malware.
Cyber Espionage: APT actors are targeting U.S. Think Tanks
FBI and CISA cybersecurity experts: malicious hackers are trying steal sensitive information, acquire user credentials, and gain persistent access to victim networks.
Syria, Russia’s maxi intervention against Isis east of Deir Ezzor
Over 40 strikes by Moscow fighters on IS posts to stop the asmbushes on the SAA and militias in Badia. Meanwhile, Turkey continues to send forces south of Idlib.
Cybercrime, Ursnif/Gozi uses real compromised emails in the campaign in Italy
The password-protected compressed attachment contains a doc file. This contacts a link and downloads the dll that starts the malware infection.
Cyber Espionage: BISMUTH is leveraging Monero crypto-miners
Microsoft cybersecurity experts: The goal is to stay under the radar and establish persistence in targeted networks. The APT attacked France and Vietnam.
Syria, Turkey tries to seal Barah against the SAA offensive
New observation point south of Idlib, where massive reinforcements will converge. Ankara is aiming for escalation to justify mass military intervention in the province.
Cybercrime, Dridex still leverages Intuit Quickbooks in its global campaign
The email on an fake invoice contains an xlsm attachment. This contacts a random link from an internal list and downloads the dll, which starts the malware infection.
Cybercrime, LokiBot hides in a “Chinese boxes” campaign
The xlsm attachment downloads a doc file which downloads an executable that starts the malware infection. VelvetSweatshop used to evade anti viruses.
Cybercrime, Bitubit LLC-Aqua Direct s.r.o last Quakbot signed campaign victims
Threat actors exploit the company certificates to sign the attachment to decept the anti virus. Goal: to let the victims download and install QBot malware.
Cybercrime, Egregor gang changes “ransoms” in “contracts”
Ransomware victims become “clients”. The cybersecurity expert MalwareHunterTeam discovers a new press release by the group with rules and threats.