How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime

This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals.

SeroXen Incorporates Latest BatCloak Engine Iteration

We looked into the documented behavior of SeroXen malware and noted the inclusion of the latest iteration of the batch obfuscation engine BatCloak to generate a fully undetectable (FUD) .bat loader. This is the second part of a three-part series documenting the abuse of BatCloak’s evasion capabilities and interoperability with other malware.

New APT34 Malware Targets The Middle East

We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.

BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors

We observed BazarLoader adding two new arrival mechanisms to their current roster of malware delivery techniques.

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains

Squirrelwaffle is known for using the tactic of sending malicious spam as replies to existing email chains. We look into how it does so by investigating its exploitation of the Microsoft Exchange Server vulnerabilities ProxyLogon and ProxyShell.

Analyzing Email Services Abused for Business Email Compromise

We analyzed five major types of email channels, and the techniques in keywords and domain names BEC actors use to appear legitimate to potential victims.

APT-C-36 Updates Its Long-term Spam Campaign Against South American Entities With Commodity RATs

In 2019, we wrote a blog entry about a threat actor, known as APT-C-36 or Blind Eagle, targeting entities in Colombia and other South American countries with spam emails. We have continued tracking this threat actor and share our new findings about APT-C-36’s ongoing spam campaign during that monitoring phase.