Anomali Blog
Weekly Threat Briefing: Russian State Hackers Phish Euro Governments Ahead of Elections
The intelligence in this weekís iteration discuss the following threats: APT28, APT32, Cryptominer, FIN7, IoT, MageCart, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...
Read More
Anomali Joins No More Ransom Partnership Ecosystem
On the 25th of March, Anomali is proud to announce a supporting partnership with No More Ransom (NMR). Anomali innovates intelligence-driven solutions that address cyber security challenges to achieve a more secure world. NMR is a non-commercial public-private initiative launched in July 2016 which created a common portal containing relevant information...
Read More
“Bad Tidings” Phishing Campaign Impersonates Saudi Government Agencies and a Saudi Financial Institution
Executive SummaryIn January 2019, researchers from Anomali Labs and Saudi Telecom Company (STC) observed a spike in phishing websites impersonating the Saudi Arabian Ministry of Interior’s e-Service portal known as “Absher”. Further analysis uncovered a broader phishing campaign targeting four different Kingdom of Saudi Arabia government...
Read More
Weekly Threat Briefing: Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware
The intelligence in this week’s iteration discuss the following threats: APT, Data breach, Malspam, Malware, Phishing, Point-of-Sale, Ransomware, RAT, Supply chain, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...
Read More
Rocke Evolves Its Arsenal With a New Malware Family Written in Golang
SummaryThe “Rocke group”, a Chinese threat actor group who specializes in cryptojacking, has shifted gears on how they’re stealing your cycles. Rocke is actively updating and pushing a new dropper using Pastebin for Command and Control (C2). Recent updates to the C2 as of March 1...
Read More
Threat Actor - A Love Story
The BreachIt’s 5am on a Saturday morning, you’re soundly sleeping after a hectic week as CISO of a large organization. Suddenly, the phone rings and wakes you up. The voice on the phone says one of the most dreaded phrases, “You need to get...
Read More
Weekly Threat Briefing: Email Verification Service Takes Itself Offline After 800 Million Records Get Publicly Exposed
This section listed below contains summaries on various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discuss the following threats: APT40, Backdoor, Chafer, Data breach, IRIDIUM, Phishing, Malware, RATs, Ransomware, Vulnerabilities and Whitefly. The IOCs related to these stories are attached...
Read More
Anomali at RSA Conference 2019 - Better than Ever
This year's theme for RSA Conference 2019 was Better - better connections, better solutions, and a better digital world. After a full week of RSA activities and festivities, we're feeling better than ever about the incredible advances in the industry and the community's shared goal to make...
Read More
Weekly Threat Briefing: North Korean Hackers Go On Phishing Expedition Before Trump-Kim Summit
This section listed below contains summaries on various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discuss the following threats: APT, Attack vector, Botnet, Credential-stealer, Phishing, Spear phishing, Targeted attacks, Threat group, Trojan, and Vulnerabilities. The IOCs related to these stories...
Read More
Weekly Threat Briefing: The Facebook Login Phishing Campaign Can Even Trick Savvy Users
The intelligence in this weekís iteration discuss the following threats: APT28, APT-C-36, Cryptominer, Data breach, Fbot, KEYMARBLE backdoor, Malware, Mimikatz, Phishing, RADMIN, Ransomware, Rietspoof, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...
Read More
Online Bidding-Themed Phishing Campaigns Aims to Trick U.S. Federal Government Contractors
In late February 2019, Anomali Labs researchers discovered a malicious server hosting two separate phishing campaigns targeting government contractors desiring to do business with two U.S. federal government agencies. In both instances, the phisher created faux landing pages mimicking the Department of Transportation eProcurement login portal and the Department of...
Read More
Weekly Threat Briefing: Chinese Facial Recognition Database Exposes 2.5m People
The intelligence in this week’s iteration discuss the following threats: APT, Data-theft, Malspam, Malware, Phishing, targeted attacks, Trojan, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity....
Read More
Phishing Campaign Spoofs United Nations and Multiple Other Organizations
Anomali Labs researchers recently discovered a phishing site masquerading as a login page for the United Nations (UN) Unite Unity, a single sign-on (SSO) application used by UN staff. When visitors attempt to login into the fraudulent page, their browser is redirected to an invitation for a film viewing at...
Read More
Phishers Target Texas Department of Transportation Contractors with Online Bidding Scheme
On February 15th, 2019, Anomali Labs researchers found an active phishing page masquerading as a legitimate Texas Department of Transportation (TxDOT) online bidding website. The illegitimate portal <hxxps://www[.]txdot[.]gov[.]us.e-bid.sync.auth.moovindancestudio[.]com/secure/user-login/login[.]php> is being hosted on a suspected compromised server...
Read More
Transform Your CTI Program With the Anomali Threat Platform: Exploring 5 Common Use Cases
In this blog, we will be looking at a few popular use cases of Anomali Enterprise™, one of the core components of the Anomali Threat Platform. Anomali Enterprise is a powerful tool that addresses an industry-wide dilemma on how to leverage threat intelligence effectively. A key issue with most...
Read More
Weekly Threat Briefing: Google Spots Attacks Exploiting iOS Zero-Day Flaws
The intelligence in this weekís iteration discuss the following threats: Cryptominers, Data breach, ExileRAT, Malware, NanoCore, RATs, Remote code execution, Spear phishing, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...
Read More
Weekly Threat Briefing: New SpeakUp Backdoor Infects Linux and macOS with Miners
The intelligence in this weekís iteration discuss the following threats: APT32, APT39, Backdoors, CookieMiner, Cryptominers, Data breach, Malspam, Malware, Phishing, SectorA05, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...
Read More
Analyzing Digital Quartermasters in Asia – Do Chinese and Indian APTs Have a Shared Supply Chain?
Anomali Labs recently analyzed a large number of weaponized RTF phishing files related to APT groups aligned with Chinese and Indian state interests. This analysis has identified a shared object dimension and shared obfuscation methods across weaponized RTF files utilized by the APT groups known as Sidewinder (Indian State Interests),...
Read More
How I Learned to Stop Worrying about CVEs and Love Threat Intelligence (es)
In my previous job, one of my main responsibilities was related to consulting services. Most of my customers’ needs were in the field of compliance and security assessment, and one of the most frequent requests was a vulnerability assessment of their IT infrastructure. I frequently had to explain to...
Read More
Weekly Threat Briefing: Hackers Are Going After Cisco RV320/RV325 Routers Using A New Exploit
The intelligence in this week’s iteration discuss the following threats: Alert, Data leak, DNS tampering, Misconfigured database, Phishing, Ransomware, Trojan, Vulnerabilities, Website compromise and Zero-day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your...
Read More
