Anomali Blog


Weekly Threat Briefing

Weekly Threat Briefing: Over Half of Organisations Were Successfully Phished In 2019

The various threat intelligence stories in this iteration of the Weekly Threat Briefing (WTB) discuss the following topics: BitPyLock, Business Email Compromise, Data Breaches, Konni Group, Phishing and Zero-Day Bugs. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check...


Research

APTs & Threat Actors That May Increase Hostile Activity Due to Elimination of Iranian General Quassem Suleimani

The Anomali Threat Research Team monitors the global cyberthreat landscape continually. Our experts focus on geographies of interest, provide around-the-clock intelligence on adversaries, and guidance on how to defend networks and people against cyberattacks. Anomali has been monitoring the Middle East long before the current situation with Iran developed. For...


Weekly Threat Briefing

Weekly Threat Briefing: Australia Bushfire Donation Site Suffered MageCart Attack

The intelligence in this week’s iteration discusses the following threats: APT40, APT28, data breach, Trickbot, phishing, targeted attacks, JhoneRAT, Pegasus. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1 - IOC...


Weekly Threat Briefing

Weekly Threat Briefing: Iranian Hackers Have Been ‘Password-Spraying’ the US Grid

The intelligence in this week’s iteration discusses the following threats: APTs, Credential theft, Iran, Malware, Ransomware, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1: IOC Summary...


Weekly Threat Briefing

Weekly Threat Briefing: Colorado Town Wires Over $1 Million To BEC Scammers

The intelligence in this week’s iteration discusses the following threats: BabyShark, Fraud, Maze Ransomware, North Korea, POS malware, Ransomware, Rowhammer, Ryuk Ransomware, Thallium. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious...


Weekly Threat Briefing

Weekly Threat Briefing: Emotet Gang Changes Tactics Ahead of the Winter Holidays

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week's iteration discusses the following threats: APT20, Dudell, Malspam, Phishing, Poison Frog, Rancor, Strontium, Targeted attacks, Tokyo Olympics 2020, and Zero-day. The IOCs related to these stories are attached...


Weekly Threat Briefing

Weekly Threat Briefing: Visa Warns of Targeted PoS Attacks on Gas Station Merchants

The intelligence in this week’s iteration discusses the following threats: Backdoor, BlackTech, Data Breach, Ransomware, Snatch, Trickbot, Vega, WaterBear, Zeppelin. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1...


Research

Phishing Campaign Targets Login Credentials of Multiple US, International Government Procurement Services

Overview: The Anomali Threat Research Team identified a credential harvesting campaign designed to steal login details from multiple government procurement services. The procurement services are used by many public and private sector organisations to match buyers and suppliers. In this campaign, attackers spoofed sites for multiple international government departments, email...


Weekly Threat Briefing

Weekly Threat Briefing: BMW Hacked By Hackers

The intelligence in this week’s iteration discusses the following threats: APT33, BankBot, CyrusOne, Dridex, Magecart, Python, PyXie, OceanLotus, REvil, StrandHogg. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Figure...


Research

Malicious Activity Aligning with Gamaredon TTPs Targets Ukraine

Overview: The Anomali Threat Research (ATR) team has identified malicious activity that we believe is being conducted by the Russia-sponsored Advanced Persistent Threat (APT) group Gamaredon (Primitive Bear). Some of the documents have been discussed by other researchers.[1] This Gamaredon campaign appears to have begun in mid-October 2019 and is ongoing...


Weekly Threat Briefing

Weekly Threat Briefing: Millions of Americans at Risk After Huge Data and SMS Leak

The intelligence in this week’s iteration discusses the following threats: Black Friday, Data breach, Emotet, Monero, Remote Access Trojan, RevengeHotels, Ryuk, Scam, Spearphishing, and XMRIG. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Research

The Lure of PSD2

Overview: The Payment Services Directive (PSD) was adopted within the European Union in 2007. PSD is a directive aimed at regulating payment services with the intention to make cross-border payments in the EU as easy, efficient and secure as payments within a member state. PSD2 builds on the previous legislation in...


Weekly Threat Briefing

Weekly Threat Briefing: New Banking Trojan Infects Victims via McDonald’s Malvertising

The intelligence in this week’s iteration discusses the following threats: Backdoors, Cryptocurrency, Data breaches, Malware, and Trojans. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1: IOC Summary Charts...


Weekly Threat Briefing

Weekly Threat Briefing: Iranian Hacking Group Built Its Own VPN Network

The intelligence in this week’s iteration discusses the following threats: APT33, DDoS Attacks, DoppelPaymer, Iran, POS Malware, Medical Equipment, TrickBot, Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats ...


Weekly Threat Briefing

Weekly Threat Briefing: Ransomware Attacks In Spain Leave Radio Station In “Hysteria”

The intelligence in this week’s iteration discusses the following threats: Calypso, China, DarkUniverse, Emotet, EternalBlue, Megacortex, Monero, Nanocore, Platinum, Ransomware, and Titanium. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending...


Research

Leashing Cerberus

Overview: Cerberus is an Android banking trojan first reported on by ThreatFabric in June 2019 that may have been active since at least 2017. The malware is for sale on a Russian hacking forum called xss[.]is, where the actors behind its development are selling licenses for the service from $4000 - $12000. This...


Weekly Threat Briefing

Weekly Threat Briefing: New Credential Phish Targets Employees with Salary Increase Scam

The intelligence in this week’s iteration discusses the following threats: APT, Data leak, Phishing, PII, Targeted attacks, Vulnerabilities, and Zero day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious...


Weekly Threat Briefing

Weekly Threat Briefing: AWS Left Reeling After Eight-Hour DDoS

The intelligence in this week’s iteration discusses the following threats: China, Iran, Magecart, Nautilus, Neuron, NordVPN, Spidey Bot, Turla, Waterbug, and Winnti Group. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious...


Cyber Threat Intelligence

Anomali: History in the Making

Let me kick off this post by extending a big “thank you” to everyone who participated in Detect ‘19, our fourth annual threat intelligence industry conference. Hundreds of attendees spanning customers, partners, employees, and special guests joined us in National Harbor, Maryland to participate in this history-making cybersecurity...


Weekly Threat Briefing

Weekly Threat Briefing: Tor Weaponized to Steal Bitcoin

The intelligence in this week’s iteration discusses the following threats: APT29, Bitcoin theft, Blackremote, FTCode ransomware, Operation Ghost, and SDBot. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats ...

