Over the last two weeks we saw the new Prestige ransomware that impacts organizations in Ukraine and Poland. Also, Cisco Talos discovered a new attack framework including a command and control (C2) tool called Alchimist and a new malware Insekt with remote administration capabilities.
For more articles, check out our #onpatrol4malware blog.
HTML File Attachments: Still A Threat
Source: Trustwave
This past month, Trustwave SpiderLabs observed that HTML (Hypertext Markup Language) file attachments had become a common occurrence in our spam traps, which is not unusual since malware is often delivered through phishing spam. Read more.
BlackByte ransomware affiliate observed using new custom data exfiltration tool
Source: SC Media
At least one BlackByte ransomware affiliate has adopted a new custom exfiltration tool to quickly steal data from compromised devices, according to new research from Symantec Threat Hunter Team. Read more.
Ransom Cartel Ransomware: A Possible Connection With REvil
Source: Unit42
Ransom Cartel is ransomware as a service (RaaS) that surfaced in mid-December 2021. This ransomware performs double extortion attacks and exhibits several similarities and technical overlaps with REvil ransomware. Read more.
New Prestige ransomware impacts organizations in Ukraine and Poland
Source: Microsoft Security Threat Intelligence
The MSTIC has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. Read more.
Banks face their ‘darkest hour’ as malware steps up, maker of antivirus says
Source: The Register
Crimeware targeting banks and other financial services organizations today features sophisticated capabilities and evasion tools, according to Kaspersky’s lead security researcher Sergey Lozhkin. Read more.
Spyder Loader: Malware Seen in Recent Campaign Targeting Organizations in Hong Kong
Source: Symantec
Symantec has observed activity that appears to be a continuation of the previously documented Operation CuckooBees campaign, this time targeting organizations in Hong Kong. Read more.
Black Basta Ransomware
Source: Check Point
As reported by Check Point at the end of H1 2022, 1 out of 40 organizations worldwide was impacted by ransomware attacks, a worrying 59% increase year over year. Read more.
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
Source: Cisco Talos
Cisco Talos discovered a new attack framework including a command and control (C2) tool called “Alchimist” and a new malware “Insekt” with remote administration capabilities. Read more.