Mustang Panda deploys a new wave of malware targeting Europe

By Jung soo An, Asheer Malhotra and Justin Thattil, with contributions from Aliza Berk and Kendall McKay. In February 2022, corresponding roughly with the start of the Russian Invasion of…

Transparent Tribe campaign uses new bespoke malware to target Indian government officials

By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay. Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are…

Operation Dragon Castling: APT group targeting betting companies

Avast –  Avast –  We recently discovered an APT campaign we are calling Operation Dragon Castling. The campaign is targeting what appears to be betting companies in South East Asia,…

Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups

By Asheer Malhotra, Vitor Ventura and Arnaud Zobec. Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating…

Threat Advisory: Cyclops Blink

Cisco Talos is aware of the recent reporting around a new modular malware family, Cyclops Blink, that targets small and home office (SOHO) devices, similar to previously observed threats like…

Current executive guidance for ongoing cyberattacks in Ukraine

Cyber threat activity against Ukraine, and around the world, has long been a central focus of our work. We continue to monitor the Ukraine-Russia situation by enacting a comprehensive, Talos-wide…

What’s with the shared VBA code between Transparent Tribe and other threat actors?

By Vanja Svajcer and Vitor Ventura. Recently, we’ve been researching several threat actors operating in South Asia: Transparent Tribe, SideCopy, etc., that deploy a range of remote access trojans (RATs).…

Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware

By Asheer Malhotra and Vitor Ventura. Cisco Talos has observed a new wave of Delphi malware called Micropsia developed and operated by the Arid Viper APT group since 2017. This…

Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables

By Asheer Malhotra and Vitor Ventura. Cisco Talos has observed a new campaign targeting Turkish private organizations alongside governmental institutions. Talos attributes this campaign with high confidence to MuddyWater —…

‘Tropic Trooper’ Reemerges to Target Transportation Outfits

Analysts warn that the attack group, now known as ‘Earth Centaur,’ is honing its attacks to go after transportation and government agencies. They’ve been an active threat group since 2011,…