Anomali Blog

Research

Suspected North Korean Cyber Espionage Campaign Targets Multiple Foreign Ministries and Think Tanks

Revised on August 22, 2019. Anomali researchers recently observed a site masquerading as a login page for a diplomatic portal linked to the French government. Further analysis of the threat actor’s infrastructure uncovered a broader phishing campaign targeting three different countries’ Ministry of Foreign Affairs agencies. Also targeted were...

Weekly Threat Briefing

Weekly Threat Briefing: ECB Shuts Down Compromised BIRD Website

The intelligence in this week’s iteration discusses the following threats: BEC, Botnet malware, Data breach, Data leak, Pre-installed threats, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious...

Research

Anomali Harris Poll: Ransomware Hits 1 in 5 Americans

Most Voters to Consider Candidates' Cybersecurity Records in Future Elections

Cybercriminals have been using ransomware to profit off of unprepared victims for more than a decade. Ransomware rose to infamy when the WannaCry and NotPetya attacks struck the world. Recently, attackers have collected more than a million dollars from the...

Weekly Threat Briefing

Weekly Threat Briefing: Cloud Atlas Threat Group Updates Weaponry with Polymorphic Malware

The intelligence in this week’s iteration discusses the following threats: APT, Data breach, Malware, Ransomware, Spearphishing, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity....

Research

Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations

The Anomali Threat Research Team discovered a phishing site impersonating a login page for the Ministry of Foreign Affairs of the People's Republic of China email service. When visitors attempt to log in to the fraudulent page, they are presented with a pop-up verification message asking users to close their...

Weekly Threat Briefing

Weekly Threat Briefing: No Summer Break for Magecart as Web Skimming Intensifies

The intelligence in this week’s iteration discusses the following threats: Android Ransomware, Hexane Group, LookBack Malware, MageCart, and TrickBot. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats Latest...

Research

Threat Actors Utilizing eCh0raix Ransomware Change NAS Targeting

Introduction

On July 23, 2019, Synology Inc., a Taiwan-based Network Attached Storage (NAS) company, posted an advisory on safeguarding internet-connected Synology NAS devices from ransomware attacks.[1] The storage devices are encrypted after attackers successfully brute-force administrator credentials by using default credentials or dictionary attacks. There are also public reports of ransomware and...

Cyber Threat Intelligence

Black Hat: What’s in a Name

Black Hat starts Sunday. Over the years, the conference has come to be known by many names, ranging from “cybersecurity summer camp” to “hacker boot camp.” Equally interesting is the array of titles for the dozens of Briefings and Arsenal presentations scheduled. There is simply...

Weekly Threat Briefing

Weekly Threat Briefing: Notorious MyDoom Worm Still on AutoPilot After 15 Years

The intelligence in this week’s iteration discusses the following threats: APT, Data exposure, Malspam, Phishing, Ransomware, Targeted attacks, Threat groups, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...

Cyber Threat Intelligence

Happy Birthday No More Ransom!

Today, the No More Ransom (NMR) project turns three years old. Anomali joined the No More Ransom partnership on the 25th of March, and since then, organizations and the information security community at large continue to observe devastating ransomware incidents around the world. These incidents typically cause challenging remediation...

Weekly Threat Briefing

Weekly Threat Briefing: Hacked Bulgarian Database Reaches Online Forums

The intelligence in this week’s iteration discusses the following threats: APT, Compromise, Malspam, Phishing, Ransomware, RAT, Threat group, Underground markets, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...

Cyber Threat Intelligence

Top Five Cyber Threat Intelligence Training Resources to Check Out

Every day, new types of cyberattacks are causing escalating damage to companies, governments, and individuals. Security professionals are often under pressure to keep up and understand new cyberattacks and tricks. Addressing this need in cybersecurity skills requires foundational training resources that can be referenced regularly. Luckily, there are numerous websites...

Weekly Threat Briefing

Weekly Threat Briefing: “Agent Smith:” The New Virus to Hit Mobile Devices

The intelligence in this week’s iteration discusses the following threats: 16Shop phishing kit, Agent Smith Android malware, Astaroth malware, Magecart, Miori botnet, and Zoom vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...

Anomali Presents the Black Hat 2019 Travel Guide

10 Things To Do in Las Vegas

One of the biggest cybersecurity conferences of the year, Black Hat 2019 is coming up fast, August 3rd through the 8th. Thousands of cybersecurity professionals will gather in Las Vegas for a week of networking, briefings, and hands-on training. If you’re one of...

Research

The eCh0raix Ransomware

Introduction

Anomali researchers have observed a new ransomware family, dubbed eCh0raix, targeting QNAP Network Attached Storage (NAS) devices. QNAP devices are created by the Taiwanese company QNAP Systems, Inc., and contain device storage and media player functionality, amongst others. The devices appear to be compromised by brute forcing...

Weekly Threat Briefing

Weekly Threat Briefing: Malicious Campaign Targets South Korean Users with Backdoor-Laced Torrents

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: APT, Automated attacks, Backdoor, Breach, Malspam, Phishing, Targeted attacks, Threat groups, and Vulnerabilities. The IOCs related to these...

Research

Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018

During Anomali Threat Researcher’s tracking of the “Royal Road” Rich Text Format (RTF) weaponizer, commonly used by multiple Chinese threat actors to exploit CVE-2017-11882 and CVE-2018-0802, it was discovered that multiple Chinese threat groups updated their weaponizer to exploit the Microsoft Equation Editor (EE)...

Weekly Threat Briefing

Weekly Threat Briefing: Georgia Court System Hit in Ransomware Attack

The intelligence in this week’s iteration discusses the following threats: APT, Banking malware, Cryptocurrency miner, Data leak, Exploit kit, Malvertising, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...

Cyber Threat Intelligence

Cyber Threat Intelligence Saves Enterprises Millions

Demand for cyber threat intelligence (CTI) capabilities is growing. More than 85 percent of respondents to the Ponemon Value of Threat Intelligence survey and report we sponsored ranked it as a top security priority. One analyst firm predicts that enterprises will soon be investing 20 percent of their security budgets into it. ...

Weekly Threat Briefing

Weekly Threat Briefing: Millions Exposed in Desjardins Data Leak

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: BlueKeep, Cryptominers, FlawedAmmyy Trojan, Sodinokibi, and TA505. The IOCs related to these stories are attached to the Community Threat Briefing and...