The Anomali Blog: Research posts

The Anomali Blog

Analysis and perspectives from the leading voice in threat intelligence.

Category: Research

Winston Marydasan & Gage Mele April 9, 2020

COVID-19 Themed HawkEye Phishing Campaign Targets Healthcare Sector: Dissection of the MalDoc and the Two-Way Approach

Overview: Threat actors continue to utilize COVID-19-themed lures to distribute malware as the world responds to the Coronavirus pandemic. Anomali researchers have identified a phishing campaign that is distributing HawkEye malware via Rich Text Format (RTF) documents. This campaign is interesting because HawkEye is a commodity…

Anomali Threat Research January 23, 2020

APTs & Threat Actors That May Increase Hostile Activity Due to Elimination of Iranian General Quassem Suleimani

The Anomali Threat Research Team monitors the global cyberthreat landscape continually. Our experts focus on geographies of interest, provide around-the-clock intelligence on adversaries, and guidance on how to defend networks and people against cyberattacks. Anomali has been monitoring the Middle East long before the current…

Anomali Threat Research December 12, 2019

Phishing Campaign Targets Login Credentials of Multiple US, International Government Procurement Services

Overview: The Anomali Threat Research Team identified a credential harvesting campaign designed to steal login details from multiple government procurement services. The procurement services are used by many public and private sector organisations to match buyers and suppliers. In this campaign, attackers spoofed sites for multiple…

Anomali Threat Research December 5, 2019

Malicious Activity Aligning with Gamaredon TTPs Targets Ukraine

Overview: The Anomali Threat Research (ATR) team has identified malicious activity that we believe is being conducted by the Russia-sponsored Advanced Persistent Threat (APT) group Gamaredon (Primitive Bear). Some of the documents have been discussed by other researchers.[1] This Gamaredon campaign appears to have begun in…

Anomali Threat Research November 26, 2019

The Lure of PSD2

Overview: The Payment Services Directive (PSD) was adopted within the European Union in 2007. PSD is a directive aimed at regulating payment services with the intention to make cross-border payments in the EU as easy, efficient and secure as payments within a member state. PSD2 builds on the previous legislation in the following…

Anomali Threat Research November 11, 2019

Leashing Cerberus

Overview: Cerberus is an Android banking trojan first reported on by ThreatFabric in June 2019 that may have been active since at least 2017. The malware is for sale on a Russian hacking forum called xss[.]is where the actors behind its development are selling licenses for the service from $4000 - $12000. This new…
