Download, Information Security and Security Intelligence

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs

FEBRUARY 12, 2025

Upon running the code as an administrator, it downloads and installs a browser-based remote desktop tool and downloads a certificate file with a hardcoded PIN from a remote server. ” states Microsoft Threat Intelligence. . The IT giant recommends training users about phishing and employing attack surface reduction rules.

Phishing

Phishing Malware Security Intelligence Hacking

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

In November 2024, the Akamai Security Intelligence Research Team (SIRT) observed increased activity targeting the URI /cgi-bin/cgi_main.cgi , linked to a Mirai-based malware campaign exploiting an unassigned RCE vulnerability in DVR devices, including DigiEver DS-2105 Pro. ” reads the analysis published by Akamai.

Manufacturing

Manufacturing Malware Firmware IoT

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Security Affairs

APRIL 21, 2025

While investigating a security breach, the AhnLab SEcurity intelligence Center (ASEC) researchers discovered a North Korea-linked group Kimsuky ‘s campaign, tracked as Larva-24005. When opened, they execute PowerShell or Mshta to download malware like PebbleDash and RDP Wrapper, to control the infected systems.

Phishing

Phishing Malware Security Intelligence Hacking

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Security Affairs

FEBRUARY 8, 2025

Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. When opened, they execute PowerShell or Mshta to download malware like PebbleDash and RDP Wrapper, to control the infected systems.

Phishing

Phishing Malware Security Intelligence Hacking

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Security Affairs

JUNE 24, 2019

The macro included in the documents executes the legitimate msiexec.exe tool that downloads an MSI archive. Anomaly detection helped us uncover a new campaign that employs a complex infection chain to download and run the notorious FlawedAmmyy RAT directly in memory. wsus.exe decrypts and runs the final payload directly in memory.

Security Intelligence

Security Intelligence Advertising Malware Banking

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

When opened, the HTML leads to the download Dudear, a malicious macro-laden Excel file that drops the payload. pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. pic.twitter.com/1qnx3NmwiB — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020.

Malware

Malware Security Intelligence Banking Phishing

SEO poisoning campaign aims at delivering RAT, Microsoft warns

Security Affairs

JUNE 14, 2021

— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021. Upon opening the PDF files, users are prompted to download a.doc file or a.pdf version of their desired info. When opened, the PDFs prompt users to download a.doc file or a.pdf version of their desired info.

Antivirus

Antivirus Security Intelligence Malware Insurance

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. pic.twitter.com/mGow2sJupN — Microsoft Security Intelligence (@MsftSecIntel) May 19, 2021. Researchers noticed that STRRAT version 1.5

Ransomware

Ransomware Malware Encryption Security Intelligence

Recorded Future to Provide Free Access to Elite Intelligence Through New Browser Extension

Security Affairs

MAY 5, 2020

Level up Your Security Program With the Same Security Intelligence Used by the World’s Largest Governments and Many of the Fortune 1000. Recorded Future real-time security intelligence helps users instantly understand which vulnerabilities pose the most risk, so they can patch those first.

Security Intelligence

Security Intelligence Risk Malware Advertising

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Security Affairs

JULY 1, 2022

Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. Once gained access to a target system, an evasive loader is downloaded from jira[.]letmaker[.]top. Pierluigi Paganini.

Security Intelligence

Security Intelligence Hacking Malware Information Security

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Security Affairs

MAY 4, 2020

Last week experts from Microsoft detected a COVID-19-themed spam campaign, the messages are crafted to trick users into downloading and mounting ISO or IMG file attachments. pic.twitter.com/EbI8kxICQG — Microsoft Security Intelligence (@MsftSecIntel) May 4, 2020.

Small Business

Small Business Malware Manufacturing Security Intelligence

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Security Affairs

JUNE 10, 2019

pic.twitter.com/Ac6dYG9vvw — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019. “In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload. — Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019.

Security Intelligence

Security Intelligence Advertising Malware Information Security

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. Therefore, it is recommended that users conduct a comprehensive asset assessment, verify their usage scenarios, and update PHP to the latest version to ensure security. ” reported Akamai.

Malware

Malware DDOS IoT Internet

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. Additional malware is downloaded and installed when running these macros. ” states the advisory published by The Netherlands National Cyber Security Center.”One ” states the Italian CSIRT’s alert.

Malware

Malware Passwords Advertising Cybercrime

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

Security Affairs

OCTOBER 28, 2021

Get details: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 28, 2021. System Integrity Protection (also referred to as rootless) is a macOS security feature introduced in OS X El Capitan (2015) (OS X 10.11).

Security Intelligence

Security Intelligence Hacking Technology Software

A new Astaroth Trojan Campaign uncovered by Microsoft

Security Affairs

JULY 9, 2019

See how #MicrosoftDefenderATP next-gen protection defeated the #fileless attack: [link] — Microsoft Security Intelligence (@MsftSecIntel) July 8, 2019. The malware is able to log the users’ keystrokes, collect information through hooking, access clipboard content, and monitor the keystate.

Antivirus

Antivirus Malware Advertising Security Intelligence

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Security Boulevard

MAY 25, 2021

I've decided to make my Cybercrime Forum Data Set for 2019 and 2021 exclusively available online for free in order for me to speed the dissemination process and to possibly empower security researchers and vendors with the necessary information to help them stay on the top of their game in terms of current and emerging cyber threats including U.S

Cybercrime

Cybercrime Cyber threats Hacking Software

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020. exe , which in turn downloaded a copy of the 7-zip tool named 7za.exe and a ZIP file. ” continues the report.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Threat actor has been targeting the aviation industry since at least 2018

Security Affairs

SEPTEMBER 18, 2021

Our researchers are closely monitoring the campaign and will share additional info and investigation guidance through Microsoft 365 security center and Microsoft Threat Experts. — Microsoft Security Intelligence (@MsftSecIntel) May 11, 2021.

Malware

Malware Phishing DNS Cybercrime

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Once compromised the system, threat actors drop the Corelump downloader and inject it directly in memory to evade detection. It supports multiple features, including keylogging, capturing screenshots, exfiltrating files, running a remote shell, and running arbitrary plugins downloaded from KNOTWEED’s C2 server.

Surveillance

Surveillance Malware Authentication DNS

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

pic.twitter.com/v6sexKgDSg — Microsoft Security Intelligence (@MsftSecIntel) September 16, 2022. This attack chain starts with an ISO file that’s downloaded when a user clicks malicious ads or YouTube comments. Microsoft attributes the attack to a threat actor tracked as DEV-0796.

Malware

Malware Adware Ransomware Security Intelligence

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. To investigate the attack and find the victims, the researchers looked at a text file (telnet.txt) that is downloaded by the bot.

IoT

IoT DDOS Architecture Internet

New Echobot Botnet targets Oracle, VMware Apps and includes 26 Exploits

Security Affairs

JUNE 16, 2019

The popular expert Larry Cashdollar, from Akamai’s Security Intelligence Response Team (SIRT), spotted a new version of the Echobot botnet that counts 26 different exploits. The first binary I found was compiled for ARM and still had the debugging information intact, which made it a little easier to analyze.

IoT

IoT Malware Advertising Wireless

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

In November 2019, ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild. The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware.

Malware

Malware Hacking Government Telecommunications

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

link] — Microsoft Security Intelligence (@MsftSecIntel) October 12, 2020. The malware first started out in 2016 as a banking trojan before shifting into a multi-purpose malware downloader that infected systems and provided access to other criminal groups using a business model known as MaaS (Malware-as-a-Service).

Banking

Banking Malware Advertising Financial Services

Cybersecurity Checklist for Political Campaigns

Lenny Zeltser

MAY 3, 2019

Install security updates for your apps and the OS as soon as they come out. Install software from the app store when possible, instead of downloading it from websites or getting it from other sources. Enable as many OS and app security features as practical. Uninstall the apps you don’t regularly use. government.

Cybersecurity

Cybersecurity Social Engineering Authentication Software

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Security Affairs

NOVEMBER 8, 2019

Read our latest blog w/ assist from @GossiTheDog & @MalwareTechBlog [link] — Microsoft Security Intelligence (@MsftSecIntel) November 7, 2019. Below the Tweet published by Microsoft: While we currently see only coin miners being dropped, we agree w/ the research community that CVE-2019-0708 (BlueKeep) exploitation can be big.

Penetration Testing

Penetration Testing Malware Spyware Advertising

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

In a recent campaign observed on October 14th, the attackers are using multiple lures, including invoices, purchase orders, shipping information, COVID-19 information, and information about President Trump’s health. doc) attachments or include links to download the bait document. ” reported Bleeping Computer.

Banking

Banking Malware Security Intelligence Advertising

Cyber Security Informer

North Korea-linked APT Emerald Sleet is using a new tactic

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Trending Sources

Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

Microsoft warns of attacks delivering FlawedAmmyy RAT directly in memory

Microsoft warns TA505 changed tactic in an ongoing malware campaign

SEO poisoning campaign aims at delivering RAT, Microsoft warns

STRRAT RAT spreads masquerading as ransomware

Recorded Future to Provide Free Access to Elite Intelligence Through New Browser Extension

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Microsoft spotted multiple malspam campaigns using malware-laced ISO and IMG files

Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Microsoft found Shrootless bug in macOS that could bypass System Integrity Protection

A new Astaroth Trojan Campaign uncovered by Microsoft

Cybercrime Forum Data Set for 2019 and 2021 – Free Direct Download Technical Collection Copy Available! Grab a Copy Today!

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Threat actor has been targeting the aviation industry since at least 2018

European firm DSIRF behind the attacks with Subzero surveillance malware

IT giants warn of ongoing Chromeloader malware campaigns

Updated Kmsdx botnet targets IoT devices

New Echobot Botnet targets Oracle, VMware Apps and includes 26 Exploits

Purple Lambert, a new malware of CIA-linked Lambert APT group

Microsoft partnered with other security firms to takedown TrickBot botnet

Cybersecurity Checklist for Political Campaigns

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Emotet operators are running Halloween-themed campaigns

Stay Connected