Tim Brandom’s Post

"The Voldemort Malware campaign is spreading globally with over 20,000 phishing emails sent to more than 70 organizations, with a peak of 6,000 emails sent in a single day." The Voldemort campaign employs a complex attack chain, combining both common and unusual techniques. One of the most notable aspects is the use of Google Sheets for command-and-control operations. This is an unusual method that highlights the creativity of the bad guys. https://lnkd.in/gwVBjuhd #auguryit #cysec

German organizations are on high alert following a phishing campaign targeting them with a novel information stealer. The culprit? A financially motivated threat actor group known as TA547. Let’s dissect this campaign, understand the Rhadamanthys stealer, and explore best practices to safeguard your organization from similar threats. https://lnkd.in/erUvC_V5

“Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns.    Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with downloading and executing additional payloads onto compromised hosts.    Tracked under the names BlackWidow, IceNova, Lotus, or Unidentified 111, Latrodectus, is also considered to be a successor to IcedID owing to infrastructure overlaps between the two malware families. It has been used in campaigns associated with two initial access brokers (IABs) known as TA577 (aka Water Curupira) and TA578.”    In May 2024, European countries shut down over 100 servers used to distribute several malware strains, including IcedID, TrickBot, and others. Although Latrodectus wasn’t initially mentioned, its infrastructure was also affected, but it quickly recovered and became even more dangerous after the operation. According to cybersecurity firm Trustwave, Latrodectus now poses a significant threat by filling the gap left by other disabled malware.    Shutting down infrastructure is not always enough, as attackers often use such disruptions as opportunities to evolve their threats. Organizations should stay updated on emerging threats like Latrodectus and enhance their defenses accordingly. https://lnkd.in/g8m4WXT2     #cybertronium #cybertroniummalaysia #malware #threatintelligence 

🚧 New Threat Research – DisGoMoji Malware 🚧 Read the full research: https://lnkd.in/gYwgsRf4 The Gurucul Threat Labs team provides an in-depth analysis on the DisGoMoji malware, which operates under the control of its creators through the popular messaging platform Discord. To maintain secrecy, the attackers have ingeniously devised a system of using emojis within Discord messages to transmit commands to the malware. The unusual combination of targeting Linux systems with malware disguised as legitimate documents, typically employed in phishing attacks, indicates a high level of specific knowledge about the victim. This suggests that the attackers had a clear understanding that their target was a Linux desktop user. #ThreatResearch #ThreatDetection #DisGoMoji #Malware #SecurityAnalytics #Sanfer #Sanferetechnologies #Gurucul

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with downloading and executing additional payloads onto compromised hosts. Tracked under the names BlackWidow, IceNova, Lotus, or Unidentified 111, Latrodectus, is also considered to be a successor to IcedID owing to infrastructure overlaps between the two malware families. It has been used in campaigns associated with two initial access brokers (IABs) known as TA577 (aka Water Curupira) and TA578. In May 2024, a coalition of European countries said it dismantled over 100 servers linked to several malware strains such as IcedID (and, by extension, Latrodectus), SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot. Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations 

StrikeReady Labs recently reported a sophisticated phishing campaign targeting Ukraine, delivering sLoad malware through fake PDF links embedded in .rar files. In my latest analysis, I dive into how attackers use multi-layered obfuscation and reconnaissance tactics to evade detection and gather system data. TL;DR ➡️ Phishing emails ➡️ rar ➡️ zip ➡️ Disguised .lnk and obfuscated VBS files ➡️ Staged malware delivery from Bitbucket. https://lnkd.in/gy8mb6P5 #Malware #sLoad #PhishingCampaign

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies https://lnkd.in/gVpmpVuH Bumblebee, and, Latrodectus, Malware, Return, with, Sophisticated, Phishing, Strategies

⚠️ New phishing campaign spreading Remcos RAT via Excel attachments! It’s a fileless variant, making it even harder to detect. Read: https://lnkd.in/dVHT3jsC 🔒 Update your defenses NOW!

CrowdStrike 'Updates' Deliver Malware & More as Attacks Snowball These domains might be used to distribute malware, like the ZIP file pretending to be a hotfix which was uploaded to a malware scanning service last weekend. The ZIP contained HijackLoader (aka IDAT Loader), which in turn loaded the RemCos RAT. The file was first reported from Mexico, and it contained Spanish-language filenames, indicating that the campaign likely targeted CrowdStrike customers in Latin America. In another case, attackers distributed a CrowdStrike-themed phishing email with a crudely designed PDF attachment. Inside the PDF was a link to download a ZIP attachment with an executable inside. Once launched, the executable asked the victim for permission to install an update. The update, though, was a wiper. The pro-Hamas hacktivist group "Handala" took responsibility, claiming that "dozens" of Israeli organizations had lost several terabytes of data as a result Feel free to comment ,like,forward and subscribe for more cybersecurity info/insight Refer to news URL for more details #CyberSecurity #DataProtection #BusinessContinuity #formintiumit #formintiumtech #QiCyberCyberSecurity #5CyberCyberSecurity https://lnkd.in/ep-856iS

Threat actors are exploiting the recent disruption from CrowdStrike’s software update to target companies with a fake update that injects malware, including data wipers and remote access tools. Learn more about the threat in this advisory: https://bit.ly/4doFPFe