Cyber Espionage, new global campaign by Cicada
Symantec cybersecurity experts: The China-linked APT used unpatched vulnerabilities in Microsoft Exchange, the Sodamaster backdoor and other custom malware and tools.
Cybercrime, here it come Daxin: a new stealthy backdoor made in China
Symantec cybersecurity experts: The Slug malware uses hijacked TCP communications to connect on networks with strict firewall rules for cyber espionage purpose.
Cyber Espionage, Iran targets Middle East-Asia TLC Operators
Symantec cybersecurity experts: The MuddyWater APT (MERCURY, SeedWorm and TEMP.Zagros) used legitimate tools, publicly available malware, and living-off-the-land tactics.
Cybercrime, Yanluowang is a new ransomware used in targeted attacks
Symantec cybersecurity experts: The malware deployment is preceded by a reconnaissance with the AdFind tool. The victims are large organizations.
Cyber Espionage, Chinese hackers exploit anti virus flaws to strike
Recorded Future cybersecurity experts: Unit 61419 bought small English AV batches from Western companies through intermediaries.
Cyber Espionage, APT10 use ZeroLogon flaw against Japan organizations
Symantec cybersecurity experts: The Chinese state-sponsored group leverages living-off-the-land tools and custom malware, as Backdoor.Hartip, to spy victims.
Cybercrime, Sodinokibi attackers leverage Cobalt Strike and scan for POS
Symantec cyber security experts spotted a ransomware campaign which exploits legitimate tools and both malware to earn big profits from large-multinational companies.
Cybercrime: JsOutProx, a new enterprise grade malware
Yoroi-Cybaze Zlab cyber security experts: It has been designed to hit High-Value targets, and probably is still under development. It uses extensively obfuscation anti-reverse techniques.
Cybercrime spread Xhelper, a new really persistent Android dropper
Symantec cyber security experts: The malware is able to hide and reinstall itself, downloading other threats and display ads. It already infected 45,000 devices in past 6 months.
Cybercrime embed malware in WAV audio files
Cylance cyber security experts: Some contain code associated with the XMRig Monero CPU miner. Others included Metasploit. One loader use steganography to decode-execute PE file.