The Anomali Blog

Analysis and perspectives from the leading voice in threat intelligence.

Category: Research

Anomali Threat Research June 25, 2020

Unknown China-Based APT Targeting Myanmarese Entities

Authored by: Parthiban Rajendran and Gage Mele. Information cutoff date: 6/19/2020. Overview: Anomali Threat Research has identified malicious activity targeting entities based in Myanmar (Burma) that appears to have begun in March 2020; this is based on file names and payload compilation times. An unidentified Advanced Persistent…

Anomali Threat Research June 10, 2020

Anomali Threat Research Identifies Fake COVID-19 Contact Tracing Apps Used to Download Malware that Monitors Devices, Steals Personal Data

Authored by: Tara Gould, Gage Mele, Parthiban Rajendran, and Rory Gould. Overview: Threat actors are distributing fake Android applications themed around official government COVID-19 contact tracing apps. Anomali Threat Research (ATR) identified multiple applications that contain malware, primarily Anubis and SpyNote, and other…

Anomali Threat Research April 30, 2020

Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center

Authored by: Sara Moore, Joakim Kennedy, Parthiban R, and Rory Gould. The Anomali Threat Research Team detected a spear phishing email targeting government employees in the Municipality of Da Nang, Vietnam. The email contained a malicious Microsoft Excel document which drops a malicious Dynamic-Link Library (DLL) providing the actor…

Winston Marydasan & Gage Mele April 9, 2020

COVID-19 Themed HawkEye Phishing Campaign Targets Healthcare Sector: Dissection of the MalDoc and the Two-Way Approach

Overview: Threat actors continue to utilize COVID-19-themed lures to distribute malware as the world responds to the Coronavirus pandemic. Anomali researchers have identified a phishing campaign that is distributing HawkEye malware via Rich Text Format (RTF) documents. This campaign is interesting because HawkEye is a commodity…

Anomali Threat Research January 23, 2020

APTs & Threat Actors That May Increase Hostile Activity Due to Elimination of Iranian General Quassem Suleimani

The Anomali Threat Research Team monitors the global cyberthreat landscape continually. Our experts focus on geographies of interest, provide around-the-clock intelligence on adversaries, and guidance on how to defend networks and people against cyberattacks. Anomali has been monitoring the Middle East long before the current…

Anomali Threat Research December 12, 2019

Phishing Campaign Targets Login Credentials of Multiple US, International Government Procurement Services

Overview: The Anomali Threat Research Team identified a credential harvesting campaign designed to steal login details from multiple government procurement services. The procurement services are used by many public and private sector organisations to match buyers and suppliers. In this campaign, attackers spoofed sites for multiple…

Anomali Threat Research December 5, 2019

Malicious Activity Aligning with Gamaredon TTPs Targets Ukraine

Overview: The Anomali Threat Research (ATR) team has identified malicious activity that we believe is being conducted by the Russia-sponsored Advanced Persistent Threat (APT) group Gamaredon (Primitive Bear). Some of the documents have been discussed by other researchers.[1] This Gamaredon campaign appears to have begun in…
