BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors

We observed BazarLoader adding two new arrival mechanisms to their current roster of malware delivery techniques.

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains

Squirrelwaffle is known for sending malicious spam as replies to existing email chains. We look into how it does this by investigating its exploitation of the Microsoft Exchange Server vulnerabilities ProxyLogon and ProxyShell.

Analyzing Email Services Abused for Business Email Compromise

We analyzed five major types of email channels, and the keyword and domain name techniques BEC actors use to appear legitimate to potential victims.

APT-C-36 Updates Its Long-term Spam Campaign Against South American Entities With Commodity RATs

In 2019, we wrote a blog entry about a threat actor, known as APT-C-36 or Blind Eagle, targeting entities in Colombia and other South American countries with spam emails. We have continued tracking this threat actor, and here we share our new findings from that monitoring about APT-C-36’s ongoing spam campaign.

Tokyo Olympics Leveraged in Cybercrime Attack

Just before the opening of the Tokyo Olympics, we confirmed an attack that directed users from a fake TV broadcast schedule page to browser notification spam.