Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22)
CategoryDetailsThreat ActorsUnnamed actors exploiting CVE-2024-0012 and CVE-2024-9474; activity includes manual/automated scans, web shells, and C2…
Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples
Topic Details Introduction Explores macOS lateral movement techniques, including SSH key theft, Apple Remote Desktop,…
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON
Category Details Threat Actors DPRK (North Korea) actors: Sapphire Sleet and Ruby Sleet. China-based actor:…
Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations
Category Details Threat Actors GLASSBRIDGE (umbrella group), Shanghai Haixun Technology Co., Ltd. (Haixun), Times Newswire,…
Detailed Footprinting Techniques for Popular Network Services
FTP – Nmap Scanning CategoryDetailsDescriptionUse Nmap to scan an FTP service on a target IP,…
Handala Group : Overview and Campaigns
CategoryDetailsThreat ActorsHandala Hacking Team, pro-Palestinian hacktivist group targeting Israeli organizations. Active since December 2023.Campaign OverviewExploited…
BlackSuit Ransomware
Key DetailInformationThreat ActorsIgnoble Scorpius (formerly Royal ransomware group)Campaign OverviewRamp-up of BlackSuit ransomware activity starting in…
Inc. Ransom
CategoryDetailsThreat ActorsInc. ransomwareCampaign OverviewMulti-extortion ransomware operation emerged in July 2023; steals and threatens to leak…
Qilin Ransomware: What You Need To Know
CategoryDetailsThreat ActorsQilin (also known as Agenda) ransomware groupCampaign OverviewRansomware-as-a-service operation; first posted on dark web…
Lifting the Fog: Darktrace’s Investigation into Fog Ransomware
CategoryDetailsThreat ActorsFog ransomware groupCampaign OverviewEmerged in May 2024; targets the education sector in the U.S.…