HackDig : Dig high-quality web security articles

Manjusaka, a new attack tool similar to Sliver and Cobalt Strike

Researchers spotted a Chinese threat actor using a new offensive framework called Manjusaka which is similar to Cobalt Strike. Talos researchers observed a Chinese threat actor using a new offensive framework called Manjusaka (which can be translated to “cow flower” from the Simplified Chinese writing) that is similar to Sliver and Cobalt Str
Publish At:2022-08-03 13:22 | Read:225 | Comments:0 | Tags:Breaking News Hacking Malware China Cobalt Strike hacking ne

A week in security (July 11 – July 17)

Last week on Malwarebytes Labs: Elden Ring maker Bandai Namco hit by ransomware and data leaks; Predatory Sparrow massively disrupts steel factories while keeping workers safe; New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs; China’s Tonto Team increases espionage activities against Russia; Endpoint security for Mac: 3 be
Publish At:2022-07-18 07:54 | Read:284 | Comments:0 | Tags:A week in security bandai namco cobalt strike elden ring man

Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign

This blog was authored by Roberto Santos and Hossein Jazi. The Malwarebytes Threat Intelligence team recently reviewed a series of cyber attacks against Ukraine that we attribute with high confidence to UAC-0056 (AKA UNC2589, TA471). This threat group has repeatedly targeted the government entities in Ukraine via phishing campaigns following the same
Publish At:2022-07-13 16:02 | Read:387 | Comments:0 | Tags:Threat Intelligence cobalt strike cobaltstrike UAC-0056 UNC2

New Matanbuchus Campaign drops Cobalt Strike beacons

Matanbuchus malware-as-a-service (MaaS) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (MaaS), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons. Matanbuchus is a malware loader that first appeared on the threat
Publish At:2022-06-27 11:10 | Read:416 | Comments:0 | Tags:Breaking News Cyber Crime Malware Cobalt Strike Cybercrime H

Karakurt extortion group: Threat profile

The FBI (Federal Bureau of Investigation), together with CISA (Cybersecurity and Infrastructure Security Agency) and other federal agencies, recently released a joint cybersecurity advisory (CSA) about the Karakurt data extortion group (also known as Karakurt Team and Karakurt Lair). Like RansomHouse, Karakurt doesn’t bother encrypting data. In
Publish At:2022-06-14 13:00 | Read:965 | Comments:0 | Tags:Cybercrime Accenture Security Advanced Intel AnyDesk Chainal

Unpatched Atlassian Confluence vulnerability is actively exploited

Researchers found a vulnerability in Atlassian Confluence by conducting an incident response investigation. Atlassian rates the severity level of this vulnerability as critical. Atlassian has issued a security advisory and is working on a fix for the affected products. This qualifies the vulnerability as an actively exploited in the wild zero-day vulnerab
Publish At:2022-06-03 12:59 | Read:1137 | Comments:0 | Tags:Exploits and vulnerabilities Atlassian behinder China Choppe

Adventures in the land of BumbleBee

Authored by: Nikolaos Totosis, Nikolaos Pantazopoulos and Mike Stokkel. Executive summary: BUMBLEBEE is a new malicious loader that is being used by several threat actors and has been observed to download different malicious samples. The key points are: BUMBLEBEE is statically linked with the open-source libraries OpenSSL 1.1.0f, Boost (version 1.68).
Publish At:2022-04-29 08:54 | Read:1390 | Comments:0 | Tags:Uncategorized bumblebee cobalt strike conti meterpreter

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The Computer Emergency Response Team of Ukraine (CERT-UA) warns of phishing attacks aimed at organizations in the country using the topic “Azovstal”. The phishing message uses the subject “Azovst
Publish At:2022-04-23 06:26 | Read:1193 | Comments:0 | Tags:Breaking News Cyber warfare Hacking Malware Cobalt Strike Cy

Conti Ransomware Group Diaries, Part III: Weaponry

Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. Part II explored what it’s like to be an employee of Conti’s sprawling organization. Today’s Part III looks at how Conti abused a panoply of popular commercial security services to undermin
Publish At:2022-03-04 20:33 | Read:873 | Comments:0 | Tags:A Little Sunshine Ne'er-Do-Well News Ransomware alarm Bentle

Threat actors target poorly protected Microsoft SQL Servers

Threat actors install Cobalt Strike beacons on vulnerable Microsoft SQL Servers to achieve a foothold in the target network. Researchers from AhnLab’s ASEC spotted a new wave of attacks deploying Cobalt Strike beacons on vulnerable Microsoft SQL Servers to achieve initial access to target networks and deploy malicious payloads. The threat actor
Publish At:2022-02-22 18:13 | Read:883 | Comments:0 | Tags:Breaking News Hacking Cobalt Strike Cybercrime hacking news

Threat actors are abusing MSBuild to implant Cobalt Strike Beacons

Experts warn of malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised systems. A security expert from Morphus Labs recently observed several malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines. MSBuild is a free and open-source bu
Publish At:2021-12-28 13:00 | Read:2243 | Comments:0 | Tags:Breaking News Hacking Malware Cobalt Strike Cybersecurity ha

A multi-stage PowerShell based attack targets Kazakhstan

This blog post was authored by Hossein Jazi. On November 10 we identified a multi-stage PowerShell attack using a document lure impersonating the Kazakh Ministry of Health Care, leading us to believe it targets Kazakhstan. A threat actor under the user name of DangerSklif (perhaps in reference to Moscow’s emergency hospital) created a GitHub
Publish At:2021-11-12 21:00 | Read:3583 | Comments:0 | Tags:Threat Intelligence APT cobalt strike kazakhstan powershell

Vermilion Strike, a Linux implementation of Cobalt Strike Beacon used in attacks

Researchers discovered Linux and Windows implementations of the Cobalt Strike Beacon developed by attackers that were actively used in attacks in the wild. Threat actors re-implemented from scratch unofficial Linux and Windows versions of the Cobalt Strike Beacon and are actively using them in attacks aimed at organizations worldwide. Cobalt Strike is a le
Publish At:2021-09-14 04:57 | Read:1397 | Comments:0 | Tags:Cyber Crime Hacking Malware Cobalt Strike Cybercrime hacking

“Cobalt Strike” network attack tool patches crashtastic server bug

By Paul Ducklin. If you’re a regular reader of Naked Security and Sophos News, you’ll almost certainly be familiar with Cobalt Strike, a network attack tool that’s popular with cybercriminals and malware creators. For example, by implanting the Cobalt Strike “Beacon” program on a network they’ve infiltrated, ransomware crooks
Publish At:2021-08-05 16:36 | Read:2966 | Comments:0 | Tags:Cobalt Strike vulnerability

Malspam banks on Kaseya ransomware attack

The Malwarebytes Threat Intelligence Team recently found a malicious spam campaign making the rounds and banking on the ransomware attack that forced Kaseya to shut down its VSA service. This is a classic example of an opportunistic attack conducted by (potentially) another threat actor/group off the back of another threat actor/group’s attack. With
Publish At:2021-07-08 16:09 | Read:1612 | Comments:0 | Tags:Social engineering cobalt strike dridex information stealer

