On March 7, 2022, Bleeping Computer broke the news that Emotet activity had surged back to life and the malware was once again facilitating the sending of malicious spam emails. After a three-month break, the malware’s operators deemed it was time to ramp up operations once more from an all too bri
Recent news articles have shone a light on LockBit’s current operations which seem to be yielding results in encrypting data and putting a halt to several organizations' operations. The most recent of which is Essendant, a wholesale distributor of stationery and office supplies owned by Staples. The
Security firm Sentinel One just published a report detailing how a phishing campaign used to target victims in Eastern Europe is being used to deliver the Remcos RAT and DBateLoader malware strains. As with so many malware distribution campaigns, things kick off with a phishing email campaign, in th
Chinese advanced persistent threat group, APT27, also known as Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, or TG-3390, is now developing Linux version of their custom malware payloads. The group is best known for its cyber espionage abilities by leveraging custom malware packages. With th
For many of the readers of this publication they will be aware of the heyday of exploit kits, effective toolsets to take advantage of vulnerable software packages. When Adobe’s Flash and Microsoft’s Internet Explorer had significant market dominance these toolkits were far more common and used to ga
On February 21, 2023, South African publication MyBroadband published an article noting that Porshe South Africa’s headquarters in Johannesburg had possibly suffered a ransomware attack. The publication stated, “MyBroadband understands the attackers used a relatively new ransomware strain cal
Following several reports from security firms and cyber security publications it is apparent several ransomware gangs are actively exploiting a two-year-old vulnerability that allows for remote code execution on VMWare ESXi servers. One of the initial warnings was issued by the French Computer Emerg
On January 26, 2023, the Federal Bureau of Investigation (FBI), along with the US Department of Justice and Europol, announced that a successful campaign to infiltrate Hive ransomwares infrastructure and disrupt operations had been carried out. Hive ransomware had developed a reputation for targetin
Riot Games, the video game developer behind the ever-popular League of Legends, announced on January 20 that it had been hacked. Following the hack, the company has received a ransom demand to return source code stolen during the hack and has the allegedly stolen source placed on auction by the thre
In several previous articles we have covered how the work done by the firm Chainalysis has provided great insight into how ransomware developers and affiliates operate. We have seen how their work has contributed to arrests of ransomware operators. We have also seen how the information generated by