Analysis and perspectives from the leading voice in threat intelligence.
revised on August 22, 2019Anomali researchers recently observed a site masquerading as a login page for a diplomatic portal linked to the French government. Further analysis of the threat actor’s infrastructure uncovered a broader phishing campaign targeting three different countries’ Ministry of Foreign Affairs…
Most Voters to Consider Candidates' Cybersecurity Records in Future ElectionsCybercriminals have been using ransomware to profit off of unprepared victims for more than a decade. Ransomware rose to infamy when the WannaCry and NotPetya attacks struck the world. Recently, attackers have collected more than a million dollars…
The Anomali Threat Research Team discovered a phishing site impersonating a login page for the Ministry of Foreign Affairs of the People's Republic of China email service. When visitors attempt to login to the fraudulent page, they are presented with a pop-up verification message asking users to close their windows and…
IntroductionOn July 23, 2019, Synology Inc., a Taiwan-based Network Attached Storage (NAS) company, posted an advisory on safeguarding internet-connected Synology NAS devices from Ransomware attacks.[1] The storage devices are encrypted after attackers successfully brute-forcing administrator credentials by using default…
IntroductionAnomali researchers have observed a new ransomware family, dubbed eCh0raix, targeting QNAP Network Attached Storage (NAS) devices. QNAP devices are created by the Taiwanese company QNAP Systems, Inc., and contain device storage and media player functionality, amongst others. The devices appear to be compromised by…
During Anomali Threat Researcher’s tracking of the “Royal Road” Rich Text Format (RTF) weaponizer, commonly used by multiple Chinese threat actors to exploit CVE-2017-11882 and CVE-2018-0802, it was discovered that multiple Chinese threat groups updated their weaponizer to exploit the Microsoft Equation Editor…
SummaryIn May 2019, a new malware was found in the wild that uses a peer-to-peer (p2p) network on top of InterPlanetary File System’s (IPFS) p2p network. The malware found in the wild targets Windows machines and allows the threat actor to execute any arbitrary PowerShell code on the infected machines. The use of a…
OverviewIn late May 2019, Anomali researchers discovered a phishing campaign impersonating three Latin American government’s electronic procurement (e-Procurement) systems. The campaign uses convincing looking phishing pages where individuals and companies are invited to bid on public projects with the governments of Mexico,…
Weighing the Benefits of Project Management Applications Against the RiskDisclaimer: With the sensitive information possibly being leaked by a number of entities and it being hard to discern those intended to be open as opposed to those intended to be private. Anomali has contacted Atlassian to work with and inform affected…
Executive SummaryIn January 2019, researchers from Anomali Labs and Saudi Telecom Company (STC) observed a spike in phishing websites impersonating the Saudi Arabian Ministry of Interior’s e-Service portal known as “Absher”. Further analysis uncovered a broader phishing campaign targeting four different Kingdom…
Get the latest Anomali updates and cybersecurity news straight to your inbox each month.
Subscribe Now