Anomali Blog

Weekly Threat Briefing

Weekly Threat Briefing: Iran Caught Targeting US Presidential Campaign Accounts

The section below contains summaries of various threat intelligence stories from the past week. The intelligence in this week’s iteration discusses the following threats: Adwind, Casbanerio, Data Breach, Iran, PII, Phosphorus, Ransomware, Remote Access Trojan, RevengeRat. The IOCs related to these stories are attached to...

Research

China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations

Overview. The Anomali Threat Research Team has identified an ongoing campaign that it believes is being conducted by the China-based threat group Mustang Panda. The team first revealed these findings on Wednesday, October 2, during Anomali Detect 19, the company’s annual user conference, in a session titled “Mustang Panda...

Weekly Threat Briefing

Weekly Threat Briefing: US Military Veterans Targeted By Iranian State Hackers

The intelligence in this week’s iteration discusses the following threats: APT10, China, DoorDash, Emotet, Fancy Bear, Gandcrab, Malvertising, Nodersok, PcShare, REvil, Ryuk Ransomware, Sednit, Sofacy, Spamouflage Dragon, STRONTIUM, Trickbot, Tropic Thunder. The IOCs related to these stories are attached to the Community Threat Briefing and can be used...

Cyber Threat Intelligence

Using Social Media (SOCMINT) in Threat Hunting

(Concepts and workflows developed by Chris Collins, Scott Poley, and Thomas Gorman) Social media is such a prominent activity in our online lives. It allows its users to communicate and share information. It can also be abused for fraud, cybercrime, and the distribution of misinformation. That being said, I...

Weekly Threat Briefing

Weekly Threat Briefing: Eight US Cities See Payment Data Card Stolen

The intelligence in this week’s iteration discusses the following threats: Emotet, Gootkit, Magecart, Payment card theft, Roomleader, and Tortoiseshell. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats: Forcepoint...

Weekly Threat Briefing

Weekly Threat Briefing: Hackers Steal $4.2m From State Troopers’ Pension Fund

The intelligence in this week’s iteration discusses the following threats: LokiBot, Magecart, Nemty, NetWire, Purple Fox, Ryuk Ransomware, and WiryJMPer. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats...

10 Things To Do at Detect ‘19 - The Threat Intelligence Event of the Year

Detect ‘19: September 29 - October 02, 2019, Gaylord National Resort & Convention Center, National Harbor, Maryland. Detect ‘19 is fast approaching, and we can’t wait to see everyone in National Harbor! Detect is the single largest conference dedicated to threat intelligence, and brings together the best and brightest minds in...

Weekly Threat Briefing

Weekly Threat Briefing: A Huge Database of Facebook Users’ Phone Numbers Found Online

The intelligence in this week’s iteration discusses the following threats: APT, malspam, phishing, Targeted attacks, underground markets, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending...

Weekly Threat Briefing

Weekly Threat Briefing: Google Researchers Discover Malicious Websites Hacking iPhones for Years

The intelligence in this week’s iteration discusses the following threats: CamScanner, Data Breaches, FIN6, iPhone Hacking, Quasar RAT, Retadup Botnet, REvil Ransomware, TA505, and TrickBot. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...

Cyber Threat Intelligence

Threat Hunting: Eight Tactics to a Better Cybersecurity Strategy

One of the bigger headaches I think we can all agree on in the Cyber Security business is the overuse of buzzwords, and the overlapping mutations of what they mean, depending on who’s saying them. Threat Hunting has certainly become one of those phrases. So what is threat...

Everything You Need to Know to Become a Guardian of the Cyberverse!

Join Us at Detect ‘19, the Threat Intelligence Event of the Year. Detect '19 is the single largest conference dedicated to threat intelligence. We will be bringing together enterprise organizations and government agencies under one roof to learn about and discuss threat intelligence best practices and the ever-changing landscape of...

Weekly Threat Briefing

Weekly Threat Briefing: IRS Alerts Taxpayers to New Email Scam

The intelligence in this week’s iteration discusses the following threats: Adware, Data theft, Impersonation Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity....

Research

Suspected North Korean Cyber Espionage Campaign Targets Multiple Foreign Ministries and Think Tanks

Revised on August 22, 2019. Anomali researchers recently observed a site masquerading as a login page for a diplomatic portal linked to the French government. Further analysis of the threat actor’s infrastructure uncovered a broader phishing campaign targeting three different countries’ Ministry of Foreign Affairs agencies. Also targeted were...

Weekly Threat Briefing

Weekly Threat Briefing: ECB Shuts Down Compromised BIRD Website

The intelligence in this week’s iteration discusses the following threats: BEC, Botnet malware, Data breach, Data leak, Pre-installed threats, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious...

Research

Anomali Harris Poll: Ransomware Hits 1 in 5 Americans

Most Voters to Consider Candidates' Cybersecurity Records in Future Elections. Cybercriminals have been using ransomware to profit off of unprepared victims for more than a decade. Ransomware rose to infamy when the WannaCry and NotPetya attacks struck the world. Recently, attackers have collected more than a million dollars from the...

Weekly Threat Briefing

Weekly Threat Briefing: Cloud Atlas Threat Group Updates Weaponry with Polymorphic Malware

The intelligence in this week’s iteration discusses the following threats: APT, Data breach, Malware, Ransomware, Spearphishing, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity....

Research

Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations

The Anomali Threat Research Team discovered a phishing site impersonating a login page for the Ministry of Foreign Affairs of the People's Republic of China email service. When visitors attempt to log in to the fraudulent page, they are presented with a pop-up verification message asking them to close their...

Weekly Threat Briefing

Weekly Threat Briefing: No Summer Break for Magecart as Web Skimming Intensifies

The intelligence in this week’s iteration discusses the following threats: Android Ransomware, Hexane Group, LookBack Malware, MageCart, and TrickBot. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats: Latest...

Research

Threat Actors Utilizing eCh0raix Ransomware Change NAS Targeting

Introduction. On July 23, 2019, Synology Inc., a Taiwan-based Network Attached Storage (NAS) company, posted an advisory on safeguarding internet-connected Synology NAS devices from ransomware attacks.[1] The storage devices are encrypted after attackers successfully brute-force administrator credentials using default credentials or dictionary attacks. There are also public reports of ransomware and...

Cyber Threat Intelligence

Black Hat: What’s in a Name

Black Hat starts Sunday. Over the years, the conference has come to be known by many names, ranging from “cybersecurity summer camp” to “hacker boot camp.” Equally interesting is the array of titles for the dozens of Briefings and Arsenal presentations scheduled. There is simply...