initial access broker
North Korean hackers pave the way for Play ransomware
North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing …
Zscaler swats claims of a significant breach
On Wednesday, a threat actor named “InteIBroker” put up for sale “access to one of the largest cyber security companies” and immediately ignited …
New Latrodectus loader steps in for Qbot
New (down)loader malware called Latrodectus is being leveraged by initial access brokers and it looks like it might have been written by the same developers who created the …
Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes
A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal …
Microsoft Teams phishing: Enterprises targeted by ransomware access broker
A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams. “For this activity, …
Attackers use portable executables of remote management software to great effect
Tricking users at targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a familiar pattern employed by financially …
Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands
The Ukrainian CERT (CERT-UA) has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. To do that, they are …
Cisco has been hacked by a ransomware gang
U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. …
Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)
A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered …
The TTPs of Conti’s initial access broker
Automation might be the way to go for many things, but a recently published report by Google’s Threat Analysis Group (TAG) shows why targeted phishing campaigns …