Threat Intelligence
Cyber Intel Brief
Weekly reports provided from the Deepwatch Threat Intel Team to improve situational awareness and education on the latest cyber threats.
Malware via Teams and Ransomware on C2 Servers Dominate Threats as CISA Flags 8 Vulnerabilities, Including Apache Struts2
LNK Attacks, Black Basta Malware, and a Surge in Leak Site Activity Highlight as CISA Highlights Exploited Vulnerabilities
Phishing Campaign Deploys RATs and Infostealers, Rhadamanthys Infection Chain Analyzed, 81 Firms Leaked, and CISA Adds North Grid, ProjectSend, and Zyxel Vulnerabilities
BianLian Shifts Tactics Away from Ransomware, Chinese APT Earth Estries Expands Espionage Operations, 129 Firms Leaked, and CISA Highlights VMWare, Oracle, Apple, and Array Networks Vulnerabilities
ClickFix Campaign Unleashes New Infostealer, DEEPDATA Malware Exploits Fortinet FortiClient Zero-Day, 69 Firms Leaked with Manufacturing Hit Hardest, and CISA Adds Progress and Palo Alto Vulnerabilities
Threat Actors Exploit Teams, SharePoint, and OneDrive for Stealthy Malware Delivery, New ZIP File Tactic Unveiled, 142 Firms Leaked with Professional Services Hit Hardest, and CISA Adds Key Vendor Vulnerabilities
North Korea’s Ransomware Collaboration Escalates Threats, SharePoint Vulnerability CVE-2024-38094 Exploitation Details Released, 107 Firms Leaked with Manufacturing Most Affected, and CISA Adds PTZOptics Vulnerabilities
FortiManager Zero-Day Exploited for Data Theft, ClickFix Campaign Threatens Organizations, 162 Firms Leaked with Manufacturing Most Affected, and CISA Adds Cisco, Roundcube, and Fortinet Vulnerabilities
Iranian Actors Sell Critical Infrastructure Access, Bumblebee Returns with New Threats, 108 Firms Leaked with Professional Services Most Affected, and CISA Adds Microsoft, ScienceLogic, and Veeam Vulnerabilities
Credential Harvesting Spreads via File-Hosting Platforms, Nation-State Hackers Exploit Ivanti Flaws, 113 Firms Leaked with Professional Services Hit Hardest, and CISA Adds Key Vendor Vulnerabilities
MedusaLocker Variant BabyLockerKZ Spreads Globally, Zimbra RCE Exploited in Phishing Attacks, 64 Firms Leaked with Professional Services Hit Hardest, and CISA Adds Synacor, Microsoft, and Qualcomm Vulnerabilities
Critical UNIX/Linux Printing Flaws Enable RCE, Malvertising Drives BlackCat Ransomware, 73 Firms Leaked with Manufacturing Hit Hardest, and CISA Adds SAP, Motion Spell, DrayTek, and D-Link Vulnerabilities
Shadow IT Risks Exposed in Server Compromise, Vice Society Targets Healthcare with INC Ransomware, 131 Firms Leaked Amid CL0P's Surge, and CISA Adds New Ivanti Vulnerabilities
Critical Ivanti Vulnerability CVE-2024-29847 Exposed, WhatsUp Gold Targeted, Azure Storage Tool Misused for Data Theft, 72 Firms Leaked, and CISA Adds Major Vendor Vulnerabilities
Earth Lusca Unveils KTLVdoor Backdoor, Russia's GRU Cyber Unit Exposed, 60 Firms Leaked with Manufacturing Hit Hardest, and CISA Adds Microsoft, ImageMagick, Linux, and SonicWall Vulnerabilities
Iranian Hackers Join Forces with Ransomware Groups, BlackByte's Tactics Unveiled, RansomHub Compromises 200+ Organizations, New CVE-2023-22527 Exploits Deliver Godzilla Webshell, and CISA Updates
PEAKLIGHT Memory-Only Malware Uncovered, Qilin Ransomware Strikes, ShinyHunters Target AWS in Extortion Campaign, 65 Firms Leaked, and CISA Adds New Vulnerabilities
EDRKillShifter Targets Endpoint Defenses, Cloud Extortion Exploits .env Files, New DNS Tunneling Backdoor Emerges, Social Engineering Tactics Evolve, 90 Firms Hit by Ransomware, and CISA Updates Exploited List
0.0.0.0 Day Browser Vulnerability Exposes Networks, CISA & FBI Update on Royal Ransomware, Cloud-Based Threats Rise, Qilin Ransomware's Global Impact, Earth Baku Expands Espionage, and Lockbit Leads Ransomware Surge
Phishing Exploits TryCloudflare for RATs, Stealthy Windows Backdoor, Russian APT’s Free Service Malware, StormBamboo’s DNS Poisoning, RAT Unveiled in Ransomware Attack, Ransomware Activity Declines, and CISA Updates
Onyx Sleet Indictments, Black Basta's Dangerous Tactics, ESXi Exploited in Ransomware Attacks, 100 New Ransomware Victims, and CISA Adds VMware, ServiceNow, Acronis Vulnerabilities
Cyberespionage Uses Open-source Tools, FIN7 Tool AvNeutralizer Sold, SocGholish Delivers AsyncRAT, Serverless Computing Threats, Credit Card Data Theft via Swap Files, ICS Malware Modbus Threat, Ransomware Surge, and 2 New Vulnerabilities
APT40's Espionage Techniques, FIN7's Vast Network Exposed, CRYSTALRAY's Credential Theft and Cryptomining, New APT41-Linked Malware, Snowflake Data Theft Impact, and Ransomware Leak Sites
Gootloader v3, Eldorado ransomware, Rejetto Update, MSBuild Abuse, data-leak site additions, and CISA Updates
Critical OpenSSH and Fortra FileCatalyst Vulnerabilities Exploited, Chinese APTs Blur Cybercrime Lines, P2Pinfect Botnet Upgraded, TeamViewer Breach Details, Velvet Ant Zero-Day Attack on Cisco, and CISA Updates
SolarWinds Vulnerability Exploited, Rafel RAT Targets Android, UNC3886 Accesses VMs, MOVEit Transfer Exploited, BMANAGER Malware Emerges, 76 New Leaks, and CISA Updates
‘Sleepy Pickle’ Targets ML Models, Scattered Spider Threatens Cloud Security, Copy-Paste Malware Rises, ShinyHunters Breach Snowflake, 87 New Leaks, and CISA Adds 3 Vulnerabilities
DarkGate Malware Hits U.S. in Malspam Campaign, Chinese Cyber Espionage Groups Exposed, Snowflake Extortion Reveals Security Gaps, 82 Organizations Leaked, and CISA Updates Vulnerabilities Catalog
Active Exploits on Check Point, North Korean Moonstone Sleet Unveiled, and Snowflake Data Breach Underscores MFA Necessity
BitLocker Hijacked by VBS Script, Rust-Based Embargo Ransomware Surges, CISA Alerts on New Vulnerabilities, and Tips to Defend Virtual Environments
New Linux Backdoor from North Korea, LATRODECTUS Phishing Surge, Malicious LNK Files, Data Leak Sites Grow, and CISA Warns of 5 Active Vulnerabilities
VPN RCEs Continue, LLMjacking, Social Engineering by Overload, Hundreds of Newly Published Data Leaks, and Chromium Vulns Added to the KEV Catalog
Command Injection Vulnerability Exploits, Ransomware Surge, Data Leak Sites Multiply, and CISA Bolsters CVE Catalog
Critical Command Injection Vulnerability Exploited, IcedID & Dagon Locker Ransomware Active, Data Leak Sites Expand, and CISA Adds to the CVE Catalog
OpenMetadata Vulnerabilities Mine Crypto, Spoofed IP Scanning Websites Target IT Teams, and DuneQuixote Campaign Includes Spanish Poetry to Deliver CR4T Backdoor
Rhadamanthys Infostealer, Credit Card Skimmer in Fake Meta Pixel Tracker, and Operation Midnight Eclipse
CoralRaider Gets Social, VenomRAT Deployed by ScrubCrypt, and Nearly 50 New Data Leak Victims
WarzoneRAT is Back, Ransomware Has a New Agenda, XZ Backdoor Delivered by Trusted Source, and the Latest from Data Leak Sites
Kimsuky Updates Playbook, Turla Backdoor Attack Chain Exposed, StrelaStealer Debuts, and MuddyWater Rises
Latest Phishing Tactics and Techniques, ShadowSyndicate Scanning Servers, and Fake Google Docs Pages Deliver Azorult Infostealer
Infostealer Circulated Through Facebook, Magnet Goblin Deploys Malware, PLUS 3 Common Post Network Device Tactics and eRAT
CISA Exposes Phobos Affiliates, New Attack Chain Steals NTLM, Plus Terminator and BABYSHARK
Russian Turla Deploys New Arsenal, Attackers Exploit ScreenConnect to Deliver Malware, and Cozy Bear Goes Cloud
TicTacToe Dropper Is No Game, No Malware Needed for Access to Government Victim, and Tycoon Group Offers New Phishing-as-a-Service
CISA Warns of Chinese Pre-Positioning for Attacks, New Raspberry Robin Variant, Bumblebee and Pikabot Return, Ivanti Vulnerability Deploys Unknown Webshell, and Nearly 100 New Ransomware Victims in a Week
Another Ivanti Connect Secure and Policy Secure Vulnerability, Details on the Cloudflare Attack, a New Variant of Mispadu Stealer, and Valid Account Abuse Challenges
Fake Website Impersonates Apple Apps, Midnight Blizzard Attacks Microsoft, Publicly-exposed RDP Gets Data Stolen and Ransomware in Three Hours
Androxgh0st Spooks Targets, Iranian APT Spear Phishing, North Korean ScarCruft Campaign Planning, and Critical Vulnerabilities in Confluence
Github Abuses, Ivanti Connect Secure VPN Compromises, New Cloud Hacking Tool FBot, and Phemedrone Infostealer Targets Microsoft Windows Defender SmartScreen
NVIDIA Executable for DLL Sideloading, Phishing with AsyncRAT, and Compromised YouTube Channels Spread Lumma Stealer
New qBit Infostealer, Cybercriminals Utilize Microsoft's App Installer to Deploy Malware, and a Google Exploit Restores Expired Cookies to Allow Persistent Access
Phishing Campaign Uses DarkGate RAT and NetSupport, ATI OSINT and Diligence Pays Dividends, and For Crying Out Loud–Stop Using Microsoft Exchange Server 2013
CozyBear Exploits JetBrains TeamCity, Qakbot Gets Regifted, Phishing Campaign Uses Publicly Available Tool Predator, and an Unexpected Gift from CISA
Russian APT Star Blizzard, Growing Insider Threats, Escalating QR Code Phishing, and the More_Eggs Backdoor
New Nova Infostealer, Gh0st RAT Evolves, New Toolset Unleashed, and a Look at Microsoft Outlook Attack Vectors
Diamond Sleet Rains Worldwide, Two New Web Shell Threats, New Botnet GoTitan Discovered, and Malware Shop Persian Remote World Sells RATS
Scattered Spider Targets IT Help Desks, Compromised VPN Credentials Lead to Rhysida, and a New Phishing Campaign Delivers Darkgate/Pikabot
Lace Tempest Storms Zero-day, Confluence Suffers Vulnerability, APT MuddyWater Evolves C2, and BatLoaders Spread Infostealers
Critical Apache ActiveMQ Vulnerability, New Millenium RAT & AsyncRAT, Socks5Systemz Botnet, and Gootloader Adds Gootbot
APT Octo-Tempest Methods, StripedFly Malware, NetSupport Manager Compromises, and Threat Actors Bypassing MFA
Vulnerability in JetBrains TeamCity Servers, Massive Attacks lead to Cryptomining and Backdoors, SSH Servers Offer Threat Actors Opportunities, and New Dual DLL Sideloading Technique Deploys QasarRat
Darkgate Malware Hits Skype and Teams, ToddyCat APT Creates Backdoors, Ether-Hiding Technique Moves Malware to Blockchain, and Ransomware Data Leak Sites Continue to Add Victims
Qakbot Actors Distribute Ransom Knight Ransomware, Storm-0324 Leverages Microsoft Teams to Distribute JSSLoader, a new APT Grayling Emerges, and Rhysida Ransomware Operators Leverage Valid VPN Credentials
BlackTech Compromises Routers, Lumma Sets Up On Over 150 Servers, Ransomware Groups Repeatedly Hitting Victims, New Malware-as-a-Service Bunnyloader Surfaces, and EvilProxy Phishing Targets Job Site Indeed