Earth Preta Spear-Phishing Governments Worldwide

We break down the cyberespionage activities of advanced persistent threat (APT) group Earth Preta, observed in large-scale attack deployments that began in March. We also show the infection routines of the malware families they use to infect multiple sectors worldwide: TONEINS, TONESHELL, and PUBLOAD. Read More HERE…

Read more

CVE-2019-8561: A Hard-to-Banish PackageKit Framework Vulnerability in macOS

This blog entry details our investigation of CVE-2019-8561, a vulnerability that exists in the macOS PackageKit framework, a component used to install software installer packages (PKG files). Read More HERE…

Read more

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August. Read More HERE…

Read more

Massive Phishing Campaigns Target India Banks’ Clients

We found five banking malware families targeting customers of seven banks in India to steal personal and credit card information via phishing campaigns. Read More HERE…

Read more

Attack Surface Management 2022 Midyear Review Part 3

In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the first half of the year. Read More HERE…

Read more

Attack Surface Management 2022 Midyear Review Part 2

In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the first half of the year. Read More HERE…

Read more

TeamTNT Returns – or Does It?

Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and its routines are reminiscent of the routines employed by cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal. Read More HERE…

Read more