Threat Hunting Journal – March 2022 E.O.M Edition

The early spring edition of Heimdal™ Security’s threat hunting journal brings new contenders, old contenders, and more telemetry. No major improvements since last month, with the Trojan King still refusing…

Transparent Tribe campaign uses new bespoke malware to target Indian government officials

By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay. Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are…

Transparent Tribe APT returns to strike India's government and military

The Transparent Tribe hacking group is back with a new malware arsenal and victim list including India’s government and military. Active since at least 2013, the advanced persistent threat (APT)…

SunCrypt Ransomware Still Alive in 2022

One of the first groups to use “triple extortion” tactics in their attacks was SunCrypt. This group is a RaaS (Ransomware as a Service) group. SunCrypt doesn’t have a big…

Ukraine Suffers Significant Internet Disruption Following Cyber-Attack

The attack led to the “most severe” disruption to connectivity in Ukraine since the Russian invasion began

Ukraine destroys five bot farms that were spreading 'panic' among citizens

The Security Service of Ukraine (SBU) has destroyed five “enemy” bot farms engaged in activities to frighten Ukrainian citizens. In a March 28 release, the SBU said that the…

Log4Shell exploited to infect VMware Horizon servers with backdoors, crypto miners

The Log4Shell vulnerability is being actively exploited to deliver backdoors and cryptocurrency miners to vulnerable VMware Horizon servers. On Tuesday, Sophos cybersecurity researchers said the attacks were first detected in…

Threat Actors Hijack Email Reply Chains on Vulnerable Exchange Servers to Deliver IcedID Malware

A new email phishing operation has been noticed employing the conversation hijacking strategy to distribute the IcedID banking trojan-type malware onto compromised computers via unpatched and publicly-exposed Microsoft Exchange servers.…

Purple Fox Threat Actors Leverage New FatalRAT Version

The creators of the Purple Fox malware have upgraded their arsenal and are now using a new version of FatalRAT, a remote access trojan. Besides, its functionalities to avoid…

Sanctions Hitting Russian Cyber-Criminals Hard

Carders, social media scammers and others feeling the pinch