Hunting Cyber Evil Ratels

Brute Ratel, a commercial Red Team Operations framework developed by Chetan Nayak, an expert red teamer, has been used by attackers in both cybercrime and APT operations. This Red Team framework is designed to be highly evasive and undetectable by security products, as demonstrated by many shellcodes intercepted through hunting activities with […]

What are Advanced Persistent Threats (APT)?

Cybercriminals often use an advanced persistent threat (APT) to sustain surveillance or attacks against targets. One of the most valuable assets in a business is its data. Cybercriminals use APTs to steal your information, including trade secrets and patents. Also, bad actors can use APTs to gain employee and client information for extortion or to […]

WIP19 Espionage

New Chinese APT Targets IT Service Providers and Telcos With Signed Malware

SentinelLabs has been monitoring a threat cluster they track as WIP19, a group characterized by the usage of a legitimate, stolen digital certificate issued by a company called “DEEPSoft”. WIP19 has been targeting telecommunications and IT service providers in the Middle East and […]

POLONIUM APT group targets Israel

ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group. According to ESET telemetry, POLONIUM has targeted more than a dozen organizations in Israel since at least September 2021, with the group’s most recent actions being observed in September 2022. POLONIUM’s toolset consists of seven custom backdoors: […]

PlugX RAT Loader Evolution

Cybereason GSOC investigates the PlugX malware family, a modular Remote Access Tool/Trojan (RAT) often utilized by Asia-based APT groups such as APT27. The malware has backdoor capabilities to take full control of the environment with its many malicious “plugins.” PlugX is a post-exploitation modular RAT (Remote Access Trojan), which, among other things, is known for […]

New Iranian APT Data Extraction Tool: HYPERSCRAPE

In December 2021, TAG discovered a novel APT35 (Charming Kitten) tool, named HYPERSCRAPE, used to steal user data from Gmail, Yahoo!, and Microsoft Outlook accounts. The attacker runs HYPERSCRAPE on their own machine to download victims’ inboxes using previously acquired credentials. Google has seen the tool deployed against fewer than two dozen accounts located in […]

ToddyCat: Unveiling an Unknown APT Actor Attacking High-Profile Entities in Europe and Asia

ToddyCat is a relatively new APT actor; its main distinctive signs are two formerly unknown tools called ‘Samurai backdoor’ and ‘Ninja Trojan’. The group started its activities in December 2020, compromising selected Exchange servers in Taiwan and Vietnam using an unknown exploit that led to the creation of a well-known China Chopper web shell, […]
