Threats and Vulnerabilities
FIN8 Group Using Modified Sardonic Malware for Deployment of BlackCat Ransomware
According to the Symantec Threat Hunter Team, the financially motivated threat actor known as FIN8 has been observed using ...
8Base Ransomware Surge; SmugX Targeting European Governments; Russian-Linked DDoS Warning
Surge in 8Base Ransomware Operations Raises Questions of Connections to Phobos and RansomHouse: In June 2023, activity related to 8Base ransomware operations increased significantly, although the exact reason for this surge ...
Creative Ransomware Extortion; Further Malware Capabilities With ChatGPT
The BlackCat-Western Digital Ransomware Cyberattack Serves as a Good Example of How Extortion Techniques Will Change Risk and Impact for Targeted Victims: Threat actors were able to tap into webcams of employees at ...
3CX Incident Attributed to North Korea; New LockBit MacOS Sample
Mandiant Attributes 3CX Supply Chain Attack to North Korean Activity Cluster: On April 11, 2023, 3CX reported that Mandiant - who investigated the supply chain attack using a digitally signed 3CXDesktopApp installer ...
Exposed Web Panel Reveals Gamaredon Group’s Automated Spear Phishing Campaigns
Executive Summary: On February 09, 2023, EclecticIQ analysts identified a spear phishing campaign targeting Ukrainian government entities like the Foreign Intelligence Service of Ukraine (SZRU) and Security Service of Ukraine (SSU). Analysts ...
Dark Pink APT Group Strikes Government Entities in South Asian Countries
Executive Summary: In February 2023, EclecticIQ researchers identified multiple KamiKakaBot malware samples that are very likely used to target government entities in ASEAN (Association of Southeast Asian Nations) countries. The latest attacks, which ...
Multi-Year Spearphishing Campaign Targets the Maritime Industry Likely for Financial Gain
Executive Summary: In May 2020, the EclecticIQ Intelligence and Research Team published a report on phishing lures impersonating the maritime industry. This research offers new insights and an update on the topic. The ...
A Year of the Russia-Ukraine War: Seven Types of Cyberattacks Used Against Ukraine
As EclecticIQ looks back at the year since Russia’s initial invasion of Ukraine, it is clear cyberattacks have been an important part of Russia’s arsenal. This assessment is based on the variety ...
ESXi Ransomware Updates Counter Recovery Script; Killnet Targets Airports and Hospitals
Malware Updates: New ESXi Ransomware Variant Counters Recovery Script. Operators behind the ransomware attacks on VMware ESXi servers in early February have updated their malware to counter a recovery script released by the ...
Three Cases of Cyber Attacks on the Security Service of Ukraine and NATO Allies, Likely by Russian State-Sponsored Gamaredon
Executive Summary: EclecticIQ researchers observed multiple weaponized phishing emails probably targeting the Security Service of Ukraine (SSU), NATO allies like Latvia, and private companies such as Culver Aviation - a Ukrainian aviation ...