Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22)

CategoryDetailsThreat ActorsUnnamed actors exploiting CVE-2024-0012 and CVE-2024-9474; activity includes manual/automated scans, web shells, and C2…

Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples

Topic Details Introduction Explores macOS lateral movement techniques, including SSH key theft, Apple Remote Desktop,…

Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON

Category Details Threat Actors DPRK (North Korea) actors: Sapphire Sleet and Ruby Sleet. China-based actor:…

Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations

Category Details Threat Actors GLASSBRIDGE (umbrella group), Shanghai Haixun Technology Co., Ltd. (Haixun), Times Newswire,…

Detailed Footprinting Techniques for Popular Network Services

FTP – Nmap Scanning CategoryDetailsDescriptionUse Nmap to scan an FTP service on a target IP,…

Handala Group : Overview and Campaigns

CategoryDetailsThreat ActorsHandala Hacking Team, pro-Palestinian hacktivist group targeting Israeli organizations. Active since December 2023.Campaign OverviewExploited…

BlackSuit Ransomware

Key DetailInformationThreat ActorsIgnoble Scorpius (formerly Royal ransomware group)Campaign OverviewRamp-up of BlackSuit ransomware activity starting in…

Inc. Ransom

CategoryDetailsThreat ActorsInc. ransomwareCampaign OverviewMulti-extortion ransomware operation emerged in July 2023; steals and threatens to leak…

Qilin Ransomware: What You Need To Know

CategoryDetailsThreat ActorsQilin (also known as Agenda) ransomware groupCampaign OverviewRansomware-as-a-service operation; first posted on dark web…

Lifting the Fog: Darktrace’s Investigation into Fog Ransomware

CategoryDetailsThreat ActorsFog ransomware groupCampaign OverviewEmerged in May 2024; targets the education sector in the U.S.…