Anomali Blog


Research

Phishing Campaign Targets Login Credentials of Multiple US, International Government Procurement Services

Overview

The Anomali Threat Research Team identified a credential harvesting campaign designed to steal login details from multiple government procurement services. The procurement services are used by many public and private sector organisations to match buyers and suppliers. In this campaign, attackers spoofed sites for multiple international government departments, email...


Weekly Threat Briefing

Weekly Threat Briefing: BMW Hacked By Hackers

The intelligence in this week’s iteration discusses the following threats: APT33, BankBot, CyrusOne, Dridex, Magecart, Python, PyXie, OceanLotus, REvil, StrandHogg. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Figure...


Research

Malicious Activity Aligning with Gamaredon TTPs Targets Ukraine

Overview

The Anomali Threat Research (ATR) team has identified malicious activity that we believe is being conducted by the Russia-sponsored Advanced Persistent Threat (APT) group Gamaredon (Primitive Bear). Some of the documents have been discussed by other researchers.[1] This Gamaredon campaign appears to have begun in mid-October 2019 and is ongoing...


Weekly Threat Briefing

Weekly Threat Briefing: Millions of Americans at Risk After Huge Data and SMS Leak

The intelligence in this week’s iteration discusses the following threats: Black Friday, Data breach, Emotet, Monero, Remote Access Trojan, RevengeHotels, Ryuk, Scam, Spearphishing, and XMRIG. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Research

The Lure of PSD2

Overview

The Payment Services Directive (PSD) was adopted within the European Union in 2007. PSD is a directive aimed at regulating payment services with the intention to make cross-border payments in the EU as easy, efficient and secure as payments within a member state. PSD2 builds on the previous legislation in...


Weekly Threat Briefing

Weekly Threat Briefing: New Banking Trojan Infects Victims via McDonald’s Malvertising

The intelligence in this week’s iteration discusses the following threats: Backdoors, Cryptocurrency, Data breaches, Malware, and Trojans. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1: IOC Summary Charts....


Weekly Threat Briefing

Weekly Threat Briefing: Iranian Hacking Group Built Its Own VPN Network

The intelligence in this week’s iteration discusses the following threats: APT33, DDoS Attacks, DoppelPaymer, Iran, POS Malware, Medical Equipment, TrickBot, Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats ...


Weekly Threat Briefing

Weekly Threat Briefing: Ransomware Attacks In Spain Leave Radio Station In “Hysteria”

The intelligence in this week’s iteration discusses the following threats: Calypso, China, DarkUniverse, Emotet, EternalBlue, Megacortex, Monero, Nanocore, Platinum, Ransomware, and Titanium. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending...


Research

Leashing Cerberus

Overview

Cerberus is an Android banking trojan first reported on by ThreatFabric in June 2019 that may have been active since at least 2017. The malware is for sale on a Russian hacking forum called xss[.]is where the actors behind its development are selling licenses for the service from $4000 - $12000. This...


Weekly Threat Briefing

Weekly Threat Briefing: New Credential Phish Targets Employees with Salary Increase Scam

The intelligence in this week’s iteration discusses the following threats: APT, Data leak, Phishing, PII, Targeted attacks, Vulnerabilities, and Zero day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious...


Weekly Threat Briefing

Weekly Threat Briefing: AWS Left Reeling After Eight-Hour DDoS

The intelligence in this week’s iteration discusses the following threats: China, Iran, Magecart, Nautilus, Neuron, NordVPN, Spidey Bot, Turla, Waterbug, and Winnti Group. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious...


Cyber Threat Intelligence

Anomali: History in the Making

Let me kick off this post by extending a big “thank you” to everyone who participated in Detect ‘19, our fourth annual threat intelligence industry conference. Hundreds of attendees spanning customers, partners, employees, and special guests joined us in National Harbor, Maryland to participate in this history-making cybersecurity...


Weekly Threat Briefing

Weekly Threat Briefing: Tor Weaponized to Steal Bitcoin

The intelligence in this week’s iteration discusses the following threats: APT29, Bitcoin theft, Blackremote, FTCode ransomware, Operation Ghost, and SDBot. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats ...


Weekly Threat Briefing

Weekly Threat Briefing: 70% of Presidential Campaigns Fail to Provide Adequate Online Privacy and Security Protections

The intelligence in this week’s iteration discusses the following threats: BEC, Botnet, Data breach, Data leak, FIN7, Phishing, Ransomware, Vulnerability, and Zero-day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...


Research

Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect

Summary

Rocke, a China-based cryptomining threat actor, has changed its Command and Control (C2) infrastructure away from Pastebin to a self-hosted solution during the summer of 2019. The setup scripts were hosted on the domains “lsd.systemten[.]org” and “update.systemten[.]org” as pastes. In September 2019, the...
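The briefings on this page repeatedly note that the attached IOCs "can be used to check your logs". As an added example (not Anomali's code, and not taken from any of the posts listed here), the script below takes the two defanged Rocke domains quoted in the summary above, refangs them, and scans constructed dnsmasq-style DNS query lines for exact or subdomain matches. The log lines, the client IPs and the `dnsmasq` format are assumptions made for the example; only the two domain names come from the page.

```python
"""Refang defanged domain IOCs and match them against DNS query logs."""
import re

# The two defanged indicators quoted in the Rocke summary above.
IOCS = ["lsd.systemten[.]org", "update.systemten[.]org"]

# Constructed dnsmasq-style query lines; the hosts and IPs are invented for this example.
SAMPLE_LOG = [
    "Oct  3 10:12:01 dnsmasq[1234]: query[A] lsd.systemten.org from 10.0.0.12",
    "Oct  3 10:12:02 dnsmasq[1234]: query[A] www.example.com from 10.0.0.12",
    "Oct  3 10:12:05 dnsmasq[1234]: query[AAAA] UPDATE.systemten.org. from 10.0.0.40",
    "Oct  3 10:12:09 dnsmasq[1234]: query[A] update.systemten.org.evil.example from 10.0.0.40",
    "Oct  3 10:12:11 dnsmasq[1234]: forwarded lsd.systemten.org to 1.1.1.1",
]

# dnsmasq logs "query[A] <name> from <client>"; A+ also covers AAAA.
QUERY_RE = re.compile(r"query\[A+\]\s+(?P<qname>\S+)\s+from\s+(?P<src>\S+)")


def refang(ioc: str) -> str:
    """Turn a defanged indicator (hxxp://, [.], (.), {.}) back into a hostname."""
    ioc = ioc.strip().lower()
    ioc = re.sub(r"^hxxps?://", "", ioc)
    for token in ("[.]", "(.)", "{.}"):
        ioc = ioc.replace(token, ".")
    return ioc.rstrip(".")


def scan_dns_log(lines, iocs):
    """Return (client, queried_name, matched_ioc) for every query that hits an IOC.

    A name matches when it equals the indicator or is a subdomain of it;
    'update.systemten.org.evil.example' must NOT match, which a naive
    substring check would get wrong.
    """
    domains = {refang(i) for i in iocs}
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        qname = m.group("qname").lower().rstrip(".")
        for d in domains:
            if qname == d or qname.endswith("." + d):
                hits.append((m.group("src"), qname, d))
                break
    return hits


if __name__ == "__main__":
    for src, qname, ioc in scan_dns_log(SAMPLE_LOG, IOCS):
        print(f"{src} queried {qname} (IOC: {ioc})")
```

The trailing-dot and case normalisation matters in practice: resolvers log fully qualified names and mixed case, and an exact-string comparison against the IOC list silently misses them. The suffix check is anchored on a leading dot so that a look-alike domain that merely contains the indicator as a prefix label does not produce a false positive.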


Weekly Threat Briefing

Weekly Threat Briefing: Iran Caught Targeting US Presidential Campaign Accounts

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: Adwind, Casbaneiro, Data Breach, Iran, PII, Phosphorus, Ransomware, Remote Access Trojan, RevengeRat. The IOCs related to these stories are attached to...


Research

China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations

Overview

The Anomali Threat Research Team has identified an ongoing campaign which it believes is being conducted by the China-based threat group, Mustang Panda. The team first revealed these findings on Wednesday, October 2, during Anomali Detect 19, the company’s annual user conference, in a session titled: “Mustang Panda...


Weekly Threat Briefing

Weekly Threat Briefing: US Military Veterans Targeted By Iranian State Hackers

The intelligence in this Weekly Threat Briefing discusses the following threats: APT10, China, DoorDash, Emotet, Fancy Bear, Gandcrab, Malvertising, Nodersok, PcShare, REvil, Ryuk Ransomware, Sednit, Sofacy, Spamouflage Dragon, STRONTIUM, Trickbot, Tropic Thunder. The IOCs related to these stories are attached to the Community Threat Briefing and can be...


Cyber Threat Intelligence

Using Social Media (SOCMINT) in Threat Hunting

(Concepts and workflows developed by Chris Collins, Scott Poley, and Thomas Gorman)

Social Media is such a prominent activity in our online lives. It allows its users to communicate and share information. It can also be abused for fraud, cybercrime, and the distribution of misinformation. That being said, I...


Weekly Threat Briefing

Weekly Threat Briefing: Eight US Cities See Payment Data Card Stolen

The intelligence in this week’s iteration discusses the following threats: Emotet, Gootkit, Magecart, Payment card theft, Roomleader, and Tortoiseshell. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats: Forcepoint...

