Threat Intelligence

Cyber Intel Brief

Weekly reports provided from the Deepwatch Threat Intel Team to improve situational awareness and education on the latest cyber threats.

Filter by:

Cyber Intel Brief: December 12-18, 2024

Malware via Teams and Ransomware on C2 Servers Dominate Threats as CISA Flags 8 Vulnerabilities, Including Apache Struts2

Cyber Intel Brief: December 5-11, 2024

LNK Attacks, Black Basta Malware, and a Surge in Leak Site Activity Highlight as CISA Highlights Exploited Vulnerabilities

Cyber Intel Brief: November 29 – December 4, 2024

Phishing Campaign Deploys RATs and Infostealers, Rhadamanthys Infection Chain Analyzed, 81 Firms Leaked, and CISA Adds North Grid, ProjectSend, and Zyxel Vulnerabilities

Cyber Intel Brief: November 21 – 27, 2024

BianLian Shifts Tactics Away from Ransomware, Chinese APT Earth Estries Expands Espionage Operations, 129 Firms Leaked, and CISA Highlights VMWare, Oracle, Apple, and Array Networks Vulnerabilities

Cyber Intel Brief: November 14 – 20, 2024

ClickFix Campaign Unleashes New Infostealer, DEEPDATA Malware Exploits Fortinet FortiClient Zero-Day, 69 Firms Leaked with Manufacturing Hit Hardest, and CISA Adds Progress and Palo Alto Vulnerabilities

Cyber Intel Brief: November 7 – 13, 2024

Threat Actors Exploit Teams, SharePoint, and OneDrive for Stealthy Malware Delivery, New ZIP File Tactic Unveiled, 142 Firms Leaked with Professional Services Hit Hardest, and CISA Adds Key Vendor Vulnerabilities

Cyber Intel Brief: October 31-November 6, 2024

North Korea’s Ransomware Collaboration Escalates Threats, SharePoint Vulnerability CVE-2024-38094 Exploitation Details Released, 107 Firms Leaked with Manufacturing Most Affected, and CISA Adds PTZOptics Vulnerabilities

Cyber Intel Brief: October 24-30, 2024

FortiManager Zero-Day Exploited for Data Theft, ClickFix Campaign Threatens Organizations, 162 Firms Leaked with Manufacturing Most Affected, and CISA Adds Cisco, Roundcube, and Fortinet Vulnerabilities

Cyber Intel Brief: October 17-23, 2024

Iranian Actors Sell Critical Infrastructure Access, Bumblebee Returns with New Threats, 108 Firms Leaked with Professional Services Most Affected, and CISA Adds Microsoft, ScienceLogic, and Veeam Vulnerabilities

Cyber Intel Brief: October 10-16, 2024

Credential Harvesting Spreads via File-Hosting Platforms, Nation-State Hackers Exploit Ivanti Flaws, 113 Firms Leaked with Professional Services Hit Hardest, and CISA Adds Key Vendor Vulnerabilities

Cyber Intel Brief: October 3-9, 2024

MedusaLocker Variant BabyLockerKZ Spreads Globally, Zimbra RCE Exploited in Phishing Attacks, 64 Firms Leaked with Professional Services Hit Hardest, and CISA Adds Synacor, Microsoft, and Qualcomm Vulnerabilities

Cyber Intel Brief: September 26-October 02, 2024

Critical UNIX/Linux Printing Flaws Enable RCE, Malvertising Drives BlackCat Ransomware, 73 Firms Leaked with Manufacturing Hit Hardest, and CISA Adds SAP, Motion Spell, DrayTek, and D-Link Vulnerabilities

Cyber Intel Brief: September 19-25, 2024

Shadow IT Risks Exposed in Server Compromise, Vice Society Targets Healthcare with INC Ransomware, 131 Firms Leaked Amid CL0P's Surge, and CISA Adds New Ivanti Vulnerabilities

Cyber Intel Brief: September 12-18, 2024

Critical Ivanti Vulnerability CVE-2024-29847 Exposed, WhatsUp Gold Targeted, Azure Storage Tool Misused for Data Theft, 72 Firms Leaked, and CISA Adds Major Vendor Vulnerabilities

Cyber Intel Brief: September 05-11, 2024

Earth Lusca Unveils KTLVdoor Backdoor, Russia's GRU Cyber Unit Exposed, 60 Firms Leaked with Manufacturing Hit Hardest, and CISA Adds Microsoft, ImageMagick, Linux, and SonicWall Vulnerabilities

Cyber Intel Brief: August 29-September 04, 2024

Iranian Hackers Join Forces with Ransomware Groups, BlackByte's Tactics Unveiled, RansomHub Compromises 200+ Organizations, New CVE-2023-22527 Exploits Deliver Godzilla Webshell, and CISA Updates

Cyber Intel Brief: August 22-28, 2024

PEAKLIGHT Memory-Only Malware Uncovered, Qilin Ransomware Strikes, ShinyHunters Target AWS in Extortion Campaign, 65 Firms Leaked, and CISA Adds New Vulnerabilities

Cyber Intel Brief: August 15-21, 2024

EDRKillShifter Targets Endpoint Defenses, Cloud Extortion Exploits .env Files, New DNS Tunneling Backdoor Emerges, Social Engineering Tactics Evolve, 90 Firms Hit by Ransomware, and CISA Updates Exploited List

Cyber Intel Brief: August 8-14, 2024

0.0.0.0 Day Browser Vulnerability Exposes Networks, CISA & FBI Update on Royal Ransomware, Cloud-Based Threats Rise, Qilin Ransomware's Global Impact, Earth Baku Expands Espionage, and Lockbit Leads Ransomware Surge

Cyber Intel Brief: August 1-7, 2024

Phishing Exploits TryCloudflare for RATs, Stealthy Windows Backdoor, Russian APT’s Free Service Malware, StormBamboo’s DNS Poisoning, RAT Unveiled in Ransomware Attack, Ransomware Activity Declines, and CISA Updates

Cyber Intel Brief: July 25-31, 2024

Onyx Sleet Indictments, Black Basta's Dangerous Tactics, ESXi Exploited in Ransomware Attacks, 100 New Ransomware Victims, and CISA Adds VMware, ServiceNow, Acronis Vulnerabilities

Cyber Intel Brief: July 18-24, 2024

Cyberespionage Uses Open-source Tools, FIN7 Tool AvNeutralizer Sold, SocGholish Delivers AsyncRAT, Serverless Computing Threats, Credit Card Data Theft via Swap Files, ICS Malware Modbus Threat, Ransomware Surge, and 2 New Vulnerabilities

Cyber Intel Brief: July 11-17, 2024

APT40's Espionage Techniques, FIN7's Vast Network Exposed, CRYSTALRAY's Credential Theft and Cryptomining, New APT41-Linked Malware, Snowflake Data Theft Impact, and Ransomware Leak Sites

Cyber Intel Brief: July 04 – July 10, 2024

Gootloader v3, Eldorado ransomware, Rejetto Update, MSBuild Abuse, data-leak site additions, and CISA Updates

Cyber Intel Brief: June 27 – July 03, 2024

Critical OpenSSH and Fortra FileCatalyst Vulnerabilities Exploited, Chinese APTs Blur Cybercrime Lines, P2Pinfect Botnet Upgraded, TeamViewer Breach Details, Velvet Ant Zero-Day Attack on Cisco, and CISA Updates

Cyber Intel Brief: June 20 – 26, 2024

SolarWinds Vulnerability Exploited, Rafel RAT Targets Android, UNC3886 Accesses VMs, MOVEit Transfer Exploited, BMANAGER Malware Emerges, 76 New Leaks, and CISA Updates

Cyber Intel Brief: June 13 – 19, 2024

‘Sleepy Pickle’ Targets ML Models, Scattered Spider Threatens Cloud Security, Copy-Paste Malware Rises, ShinyHunters Breach Snowflake, 87 New Leaks, and CISA Adds 3 Vulnerabilities

Cyber Intel Brief: June 06 – 12, 2024

DarkGate Malware Hits U.S. in Malspam Campaign, Chinese Cyber Espionage Groups Exposed, Snowflake Extortion Reveals Security Gaps, 82 Organizations Leaked, and CISA Updates Vulnerabilities Catalog

Cyber Intel Brief: May 30 – June 05, 2024

Active Exploits on Check Point, North Korean Moonstone Sleet Unveiled, and Snowflake Data Breach Underscores MFA Necessity

Cyber Intel Brief: May 23 – 29, 2024

BitLocker Hijacked by VBS Script, Rust-Based Embargo Ransomware Surges, CISA Alerts on New Vulnerabilities, and Tips to Defend Virtual Environments

Cyber Intel Brief: May 16 – 22, 2024

New Linux Backdoor from North Korea, LATRODECTUS Phishing Surge, Malicious LNK Files, Data Leak Sites Grow, and CISA Warns of 5 Active Vulnerabilities

Cyber Intel Brief: May 09 – 15, 2024

VPN RCEs Continue, LLMjacking, Social Engineering by Overload, Hundreds of Newly Published Data Leaks, and Chromium Vulns Added to the KEV Catalog

Cyber Intel Brief: May 02 – 08, 2024

Command Injection Vulnerability Exploits, Ransomware Surge, Data Leak Sites Multiply, and CISA Bolsters CVE Catalog

Cyber Intel Brief: April 25 – May 01, 2024

Critical Command Injection Vulnerability Exploited, IcedID & Dagon Locker Ransomware Active, Data Leak Sites Expand, and CISA Adds to the CVE Catalog

Cyber Intel Brief: April 18 – 24, 2024

OpenMetadata Vulnerabilities Mine Crypto, Spoofed IP Scanning Websites Target IT Teams, and DuneQuixote Campaign Includes Spanish Poetry to Deliver CR4T Backdoor

Cyber Intel Brief: April 11 – 17, 2024

Rhadamanthys Infostealer, Credit Card Skimmer in Fake Meta Pixel Tracker, and Operation Midnight Eclipse

Cyber Intel Brief: April 04 – 10, 2024

CoralRaider Gets Social, VenomRAT Deployed by ScrubCrypt, and Nearly 50 New Data Leak Victims

Cyber Intel Brief: March 28 – April 03, 2024

WarzoneRAT is Back, Ransomware Has a New Agenda, XZ Backdoor Delivered by Trusted Source, and the Latest from Data Leak Sites

Cyber Intel Brief: March 21 – 27, 2024

Kimsuky Updates Playbook, Turla Backdoor Attack Chain Exposed, StrelaStealer Debuts, and MuddyWater Rises

Cyber Intel Brief: March 14 – 20, 2024

Latest Phishing Tactics and Techniques, ShadowSyndicate Scanning Servers, and Fake Google Docs Pages Deliver Azorult Infostealer

Cyber Intel Brief: March 07 – 13, 2024

Infostealer Circulated Through Facebook, Magnet Goblin Deploys Malware, PLUS 3 Common Post Network Device Tactics and eRAT

Cyber Intel Brief: February 29 – March 06, 2024

CISA Exposes Phobos Affiliates, New Attack Chain Steals NTLM, Plus Terminator and BABYSHARK

Cyber Intel Brief: February 22 – 28, 2024

Russian Turla Deploys New Arsenal, Attackers Exploit ScreenConnect to Deliver Malware, and Cozy Bear Goes Cloud

Cyber Intel Brief: February 15 – 21, 2024

TicTacToe Dropper Is No Game, No Malware Needed for Access to Government Victim, and Tycoon Group Offers New Phishing-as-a-Service

Cyber Intel Brief: February 8 – 14, 2024

CISA Warns of Chinese Pre-Positioning for Attacks, New Raspberry Robin Variant, Bumblebee and Pikabot Return, Ivanti Vulnerability Deploys Unknown Webshell, and Nearly 100 New Ransomware Victims in a Week.

Cyber Intel Brief: February 1 – 7, 2024

Another Ivanti Connect Secure and Policy Secure Vulnerability, Details on the Cloudflare Attack, a New Variant of Mispadu Stealer, and Valid Account Abuse Challenges.

Cyber Intel Brief: January 25 – 31, 2024

Fake Website Impersonates Apple Apps, Midnight Blizzard Attacks Microsoft, Publicly-exposed RDP Gets Data Stolen and Ransomware in Three Hours

Cyber Intel Brief: January 18 – 24, 2024

Androxgh0st Spooks Targets, Iranian APT Spear Phishing, North Korean ScarCruft Campaign Planning, and Critical Vulnerabilities in Confluence

Cyber Intel Brief: January 11 – 17, 2024

Github Abuses, Ivanti Connect Secure VPN Compromises, New Cloud Hacking Tool FBot, and Phemedrone Infostealer Targets Microsoft Windows Defender SmartScreen

Cyber Intel Brief: January 4 – 10, 2024

NVIDIA Executable for DLL Sideloading, Phishing with AsyncRAT, and Compromised YouTube Channels Spread Lumma Stealer

Cyber Intel Brief: December 27, 2023 – January 4, 2024

New qBit Infostealer, Cybercriminals Utilize Microsoft's App Installer to Deploy Malware, and a Google Exploit Restores Expired Cookies to Allow Persistent Access

Cyber Intel Brief: December 21 – 27, 2023

Phishing Campaign Uses DarkGate RAT and NetSupport, ATI OSINT and Diligence Pays Dividends, and For Crying Out Loud–Stop Using Microsoft Exchange Server 2013

Cyber Intel Brief: December 13 – 20, 2023

CozyBear Exploits JetBrains TeamCity, Qakbot Gets Regifted, Phishing Campaign Uses Publicly Available Tool Predator, and an Unexpected Gift from CISA

Cyber Intel Brief: December 7 – 13, 2023

Russian APT Star Blizzard, Growing Insider Threats, Escalating QR Code Phishing, and the More_Eggs Backdoor

Cyber Intel Brief: November 29 – December 6, 2023

New Nova Infostealer, Gh0st RAT Evolves, New Toolset Unleashed, and a Look at Microsoft Outlook Attack Vectors

Cyber Intel Brief: November 22 – 29, 2023

Diamond Sleet Rains Worldwide, Two New Web Shell Threats, New Botnet GoTitan Discovered, and Malware Shop Persian Remote World Sells RATS

Cyber Intel Brief: November 16 – 22, 2023

Scattered Spider Targets IT Help Desks, Compromised VPN Credentials Lead to Rhysida, and a New Phishing Campaign Delivers Darkgate/Pikabot

Cyber Intel Brief: November 08 – 15, 2023

Lace Tempest Storms Zero-day, Confluence Suffers Vulnerability, APT MuddyWater Evolves C2, and BatLoaders Spread Infostealers

Cyber Intel Brief: November 02 – 08, 2023

Critical Apache ActiveMQ Vulnerability, New Millenium RAT & AsyncRAT, Socks5Systemz Botnet, and Gootloader Adds Gootbot

Cyber Intel Brief: October 25 – November 01, 2023

APT Octo-Tempest Methods, StripedFly Malware, NetSupport Manager Compromises, and Threat Actors Bypassing MFA

Cyber Intel Brief: October 18 – 25, 2023

Vulnerability in JetBrains TeamCity Servers, Massive Attacks lead to Cryptomining and Backdoors, SSH Servers Offer Threat Actors Opportunities, and New Dual DLL Sideloading Technique Deploys QasarRat

Cyber Intel Brief: October 12 – 18, 2023

Darkgate Malware Hits Skype and Teams, ToddyCat APT Creates Backdoors, Ether-Hiding Technique Moves Malware to Blockchain, and Ransomware Data Leak Sites Continue to Add Victims

Cyber Intel Brief: October 05 – 11, 2023

Qakbot Actors Distribute Ransom Knight Ransomware, Storm-0324 Leverages Microsoft Teams to Distribute JSSLoader, a new APT Grayling Emerges, and Rhysida Ransomware Operators Leverage Valid VPN Credentials

Cyber Intel Brief: September 28 – October 03, 2023

BlackTech Compromises Routers, Lumma Sets Up On Over 150 Servers, Ransomware Groups Repeatedly Hitting Victims, New Malware-as-a-Service Bunnyloader Surfaces, and EvilProxy Phishing Targets Job Site Indeed

Cyber Intel Brief: September 21 – 27, 2023
Cyber Intel Brief: September 14 – 20, 2023
Cyber Intel Brief: September 07 – 13, 2023
Cyber Intel Brief: August 29 – September 06, 2023
Cyber Intel Brief: August 24 – 30, 2023
Cyber Intel Brief: August 16 – 23, 2023
Cyber Intel Brief: August 10 – 16, 2023
Cyber Intel Brief: August 02 – 09, 2023
Cyber Intel Brief: July 26 – August 02, 2023
Cyber Intel Brief: July 19 – 26, 2023
Cyber Intel Brief: July 12 – 19, 2023
Cyber Intel Brief: July 06 – 12, 2023
Cyber Intel Brief: June 29 – July 05, 2023
Cyber Intel Brief: June 22 – 28, 2023
Cyber Intel Brief: June 14 – 21, 2023
Cyber Intel Brief: June 08 – 14, 2023
Cyber Intel Brief: June 01 – 07, 2023
Cyber Intel Brief: May 24 – 31, 2023
Cyber Intel Brief: May 18 – 24, 2023
Cyber Intel Brief: May 11 – 17, 2023
Cyber Intel Brief: May 04 – 10, 2023
Cyber Intel Brief: April 27 – May 03, 2023
Cyber Intel Brief: April 19 – 26, 2023
Cyber Intel Brief: April 13 – 19, 2023
Cyber Intel Brief: April 06 – 12, 2023
Cyber Intel Brief: Mar 30 – April 05, 2023
Cyber Intel Brief: Mar 23 – 29, 2023
Cyber Intel Brief: Mar 16 – 22, 2023
Cyber Intel Brief: Mar 09 – 15, 2023
Cyber Intel Brief: Mar 02 – 08, 2023
Cyber Intel Brief: Feb 23 – Mar 01, 2023
Cyber Intel Brief: Feb 15 – 22, 2023
Cyber Intel Brief: Feb 09 – 15, 2023
Cyber Intel Brief: Feb 02 – 08, 2023
Cyber Intel Brief: Jan 25 – Feb 01, 2023
Cyber Intel Brief: Jan 19 – 25, 2023
Cyber Intel Brief: Jan 12 – 18, 2023
Cyber Intel Brief: Jan 5 – 11, 2023
Cyber Intel Brief: Dec 29, 2022 – Jan 4, 2023
Cyber Intel Brief: Dec 21 – 28, 2022
Cyber Intel Brief: Dec 15 – 21, 2022
Cyber Intel Brief: Dec 8 – 14, 2022
Cyber Intel Brief: Dec 1 – 7, 2022
Cyber Intel Brief: Nov 24 – 30, 2022
Cyber Intel Brief: Nov 17 – 23, 2022
Cyber Intel Brief: Nov 10 – 16, 2022
Cyber Intel Brief: Nov 3 – 9, 2022
Cyber Intel Brief: Oct 27 – Nov 3, 2022
Cyber Intel Brief: Oct 20 – 26, 2022
Cyber Intel Brief: Oct 13 – 19, 2022
Cyber Intel Brief: Oct 6 – 12, 2022
Cyber Intel Brief: Sept 29 – Oct 5, 2022
Cyber Intel Brief: Sept 22 – 28, 2022
Cyber Intel Brief: Sept 14 – 21, 2022
Cyber Intel Brief: Sept 8 – 14, 2022
Cyber Intel Brief: Sept 1 – 7, 2022
Cyber Intel Brief: Aug 25 – 31, 2022
Cyber Intel Brief: Aug 18 – 24, 2022
Cyber Intel Brief: Aug 11 – 18, 2022
Cyber Intel Brief: Aug 4 – 10, 2022
Cyber Intel Brief: July 28 – Aug 03, 2022
Cyber Intel Brief: July 21 – 27, 2022
Cyber Intel Brief: July 14 – 20, 2022
Cyber Intel Brief: June 30 – July 6, 2022
Cyber Intel Brief: June 23 – 29, 2022
Cyber Intel Brief: June 16 – 22, 2022
Cyber Intel Brief: June 9 – 15, 2022
Cyber Intel Brief: June 2 – 8, 2022
Cyber Intel Brief: May 26 – June 1, 2022
Cyber Intel Brief: May 19 – 25, 2022
Cyber Intel Brief: May 12 – 18, 2022
Cyber Intel Brief: May 05 – 11, 2022
Cyber Intel Brief: April 28- May 4, 2022
Cyber Intel Brief: April 21-27, 2022
Cyber Intel Brief: April 14-20, 2022
Cyber Intel Brief: April 7-13, 2022
Cyber Intel Brief: March-31-April 6, 2022
Cyber Intel Brief: March-24-30, 2022
Cyber Intel Brief: March-17-23, 2022

Let's Talk

Ready to Become Cyber Resilient?

Meet with our managed security experts to discuss your use cases, technology and pain points and learn how Deepwatch can help.