Pierluigi Paganini
August 17, 2024
FortiGuard Labs researchers uncovered an ongoing ValleyRAT malware campaign that is targeting Chinese-speaking users. ValleyRAT is a multi-stage malware that supports multiple techniques to monitor and control compromised devices. The malicious code is also used to deploy arbitrary plugins on the infected systems. A noteworthy characteristic of ValleyRAT malware is the heavy usage of shellcode […]
Pierluigi Paganini
August 16, 2024
Russian cybercriminals are advertising a new macOS malware called Banshee Stealer with a monthly subscription price of $3,000. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malware authors claim it can steal a broad range of data from compromised systems, including browser […]
Pierluigi Paganini
August 15, 2024
A cybercrime group linked to the RansomHub ransomware was spotted using a new tool designed to kill EDR software. Sophos reports that a cybercrime group, likely linked to the RansomHub ransomware operation, has been observed using a new EDR-killing utility that can terminate endpoint detection and response software on compromised systems. The researchers called the […]
Pierluigi Paganini
August 15, 2024
Experts linked an ongoing social engineering campaign, aimed at deploying the malware SystemBC, to the Black Basta ransomware group. Rapid7 researchers uncovered a new social engineering campaign distributing the SystemBC dropper to the Black Basta ransomware operation. On June 20, 2024, Rapid7 researchers detected multiple attacks consistent with an ongoing social engineering campaign being tracked […]
Pierluigi Paganini
August 14, 2024
China-linked threat actor Earth Baku expanded its operations in Europe, the Middle East, and Africa starting in late 2022. China-linked APT group Earth Baku (a threat actor associated with APT41) has expanded its operations beyond the Indo-Pacific region to Europe, the Middle East, and Africa. Trend Micro researchers observed the APT targeting countries like Italy, Germany, UAE, […]
Pierluigi Paganini
August 13, 2024
CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities. The campaign, tracked as UAC-0198, has been active since July. Threat actors sent out […]
Pierluigi Paganini
August 12, 2024
A campaign tracked as EastWind is targeting Russian government and IT organizations with PlugY and GrewApacha Backdoors. In late July 2024, Kaspersky researchers detected a series of targeted cyberattacks against the Russian government and IT organizations. Kaspersky named this campaign has EastWind. Threat actors sent phishing emails with RAR archive attachments containing a Windows shortcut […]
Pierluigi Paganini
August 10, 2024
A INC Ransom ransomware attack this week disrupted IT and phone systems at McLaren Health Care hospitals. On Tuesday, an INC Ransom ransomware attack hit the McLaren Health Care hospitals and disrupted their IT and phone systems. The organizations did not disclose details about the attack, however Bleeping Computer noticed that employees at McLaren Bay […]
Pierluigi Paganini
August 08, 2024
FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint advisory on the BlackSuit Ransomware group. The advisory includes recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise […]
Pierluigi Paganini
August 07, 2024
A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. The malware has been active since July 2021, it is designed to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The […]
Uncategorized / January 15, 2026
