Anomali Blog

Weekly Threat Briefing

Weekly Threat Briefing: Russian State Hackers Phish Euro Governments Ahead of Elections

The intelligence in this week's iteration discusses the following threats: APT28, APT32, Cryptominer, FIN7, IoT, MageCart, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...


Cyber Threat Intelligence

Anomali Joins No More Ransom Partnership Ecosystem

On the 25th of March, Anomali is proud to announce a supporting partnership with No More Ransom (NMR). Anomali innovates intelligence-driven solutions that address cyber security challenges to achieve a more secure world. NMR is a non-commercial public-private initiative launched in July 2016 which created a common portal containing relevant information...


Research

“Bad Tidings” Phishing Campaign Impersonates Saudi Government Agencies and a Saudi Financial Institution

Executive Summary: In January 2019, researchers from Anomali Labs and Saudi Telecom Company (STC) observed a spike in phishing websites impersonating the Saudi Arabian Ministry of Interior's e-Service portal known as "Absher". Further analysis uncovered a broader phishing campaign targeting four different Kingdom of Saudi Arabia government...


Weekly Threat Briefing

Weekly Threat Briefing: Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware

The intelligence in this week's iteration discusses the following threats: APT, Data breach, Malspam, Malware, Phishing, Point-of-Sale, Ransomware, RAT, Supply chain, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Research

Rocke Evolves Its Arsenal With a New Malware Family Written in Golang

Summary: The "Rocke group", a Chinese threat actor group that specializes in cryptojacking, has shifted gears on how it steals your cycles. Rocke is actively updating and pushing a new dropper using Pastebin for Command and Control (C2). Recent updates to the C2 as of March 1...


Cyber Threat Intelligence

Threat Actor - A Love Story

The Breach: It's 5am on a Saturday morning; you're soundly sleeping after a hectic week as CISO of a large organization. Suddenly, the phone rings and wakes you up. The voice on the phone says one of the most dreaded phrases, "You need to get...


Weekly Threat Briefing

Weekly Threat Briefing: Email Verification Service Takes Itself Offline After 800 Million Records Get Publicly Exposed

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week's iteration discusses the following threats: APT40, Backdoor, Chafer, Data breach, IRIDIUM, Phishing, Malware, RATs, Ransomware, Vulnerabilities and Whitefly. The IOCs related to these stories are attached...


Anomali at RSA Conference 2019 - Better than Ever

This year's theme for RSA Conference 2019 was Better - better connections, better solutions, and a better digital world. After a full week of RSA activities and festivities, we're feeling better than ever about the incredible advances in the industry and the community's shared goal to make...


Weekly Threat Briefing

Weekly Threat Briefing: North Korean Hackers Go On Phishing Expedition Before Trump-Kim Summit

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week's iteration discusses the following threats: APT, Attack vector, Botnet, Credential-stealer, Phishing, Spear phishing, Targeted attacks, Threat group, Trojan, and Vulnerabilities. The IOCs related to these stories...


Weekly Threat Briefing

Weekly Threat Briefing: The Facebook Login Phishing Campaign Can Even Trick Savvy Users

The intelligence in this week's iteration discusses the following threats: APT28, APT-C-36, Cryptominer, Data breach, Fbot, KEYMARBLE backdoor, Malware, Mimikatz, Phishing, RADMIN, Ransomware, Rietspoof, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Research

Online Bidding-Themed Phishing Campaigns Aim to Trick U.S. Federal Government Contractors

In late February 2019, Anomali Labs researchers discovered a malicious server hosting two separate phishing campaigns targeting government contractors desiring to do business with two U.S. federal government agencies. In both instances, the phisher created faux landing pages mimicking the Department of Transportation eProcurement login portal and the Department of...


Weekly Threat Briefing

Weekly Threat Briefing: Chinese Facial Recognition Database Exposes 2.5m People

The intelligence in this week's iteration discusses the following threats: APT, Data-theft, Malspam, Malware, Phishing, Targeted attacks, Trojan, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity....


Research

Phishing Campaign Spoofs United Nations and Multiple Other Organizations

Anomali Labs researchers recently discovered a phishing site masquerading as a login page for the United Nations (UN) Unite Unity, a single sign-on (SSO) application used by UN staff. When visitors attempt to log into the fraudulent page, their browser is redirected to an invitation for a film viewing at...


Research

Phishers Target Texas Department of Transportation Contractors with Online Bidding Scheme

On February 15th, 2019, Anomali Labs researchers found an active phishing page masquerading as a legitimate Texas Department of Transportation (TxDOT) online bidding website. The illegitimate portal <hxxps://www[.]txdot[.]gov[.]us.e-bid.sync.auth.moovindancestudio[.]com/secure/user-login/login[.]php> is being hosted on a suspected compromised server...


Threat Intelligence Platform

Transform Your CTI Program With the Anomali Threat Platform: Exploring 5 Common Use Cases

In this blog, we will be looking at a few popular use cases of Anomali Enterprise™, one of the core components of the Anomali Threat Platform. Anomali Enterprise is a powerful tool that addresses an industry-wide dilemma on how to leverage threat intelligence effectively. A key issue with most...


Weekly Threat Briefing

Weekly Threat Briefing: Google Spots Attacks Exploiting iOS Zero-Day Flaws

The intelligence in this week's iteration discusses the following threats: Cryptominers, Data breach, ExileRAT, Malware, NanoCore, RATs, Remote code execution, Spear phishing, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...


Weekly Threat Briefing

Weekly Threat Briefing: New SpeakUp Backdoor Infects Linux and macOS with Miners

The intelligence in this week's iteration discusses the following threats: APT32, APT39, Backdoors, CookieMiner, Cryptominers, Data breach, Malspam, Malware, Phishing, SectorA05, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Research

Analyzing Digital Quartermasters in Asia – Do Chinese and Indian APTs Have a Shared Supply Chain?

Anomali Labs recently analyzed a large number of weaponized RTF phishing files related to APT groups aligned with Chinese and Indian state interests. This analysis has identified a shared object dimension and shared obfuscation methods across weaponized RTF files utilized by the APT groups known as Sidewinder (Indian State Interests),...


Threat Intelligence Platform

How I Learned to Stop Worrying about CVEs and Love Threat Intelligence (es)

In my previous job, one of my main responsibilities was related to consulting services. Most of my customers' needs were in the field of compliance and security assessment, and one of the most frequent requests was a vulnerability assessment of their IT infrastructure. I frequently had to explain to...


Weekly Threat Briefing

Weekly Threat Briefing: Hackers Are Going After Cisco RV320/RV325 Routers Using A New Exploit

The intelligence in this week's iteration discusses the following threats: Alert, Data leak, DNS tampering, Misconfigured database, Phishing, Ransomware, Trojan, Vulnerabilities, Website compromise and Zero-day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...

