Covid-19 Cyber Threat: DanaBot

COVID 19 is an ideal opportunity for malicious actors. With much of the global workforce working from home, we and our partners have seen a dramatic change in the compromise landscape (look for more analysis on that topic in an upcoming blog). The community is also very much aware of attempts to leverage popular websites,... Continue Reading →

How the Iranian Cyber Security Agency Detects Emissary Panda Malware

Other threat intelligence groups have previously publicised that the Chinese-attributed threat group, Emissary Panda (aka APT27, TG-3390, BRONZE UNION, Iron Tiger and LuckyMouse), have been targeting various sectors in the Middle East, including government organisations. On 15 December 2019, Iran's Minister of Communications and Information Technology, Mohammad Javad Azari-Jahromi, announced that Iranian authorities had detected foreign spying malware on their government servers which they attributed... Continue Reading →

Team Cymru Events Update

Cali, Colombia May 6-7, 2020 This message is to give you an update on our events for this year, as at March 11th, 2020.At this time, Team Cymru is moving forward and planning to be in Colombia for RISE in May and Strasbourg for UE in September, as well as Japan in November. LACNIC-33 are... Continue Reading →

Detecting Cyber Recon Using Network Signals

Author: David Monnier What's the value of a packet? How about three packets? In this post I'll show how you can identify potential reconnaissance being conducted on a network, including identifying the potential target, by taking specific note of one type of ICMP packet being produced by your border device. ICMP, or Internet Control Message... Continue Reading →

Azorult – what we see using our own tools

The Value of Being Able to Perform Threat Analysis outside the Boundaries of Your Enterprise... Looking at Dmitry Bestuzhev’s piece about AZORult cryptominer spreading as a fake ProtonVPN installer[1],   I took a glance in Augury at what we have for the malware hashes he provided and many are still very low in terms of their detection... Continue Reading →

Do you fly anon?

Author: Steve Santorelli Like many InfoSec professionals, I see the inside of a lot of airplanes. (However, I was not on that ship last month.) I recently flew back from our company HQ in Orlando to my home in California: Now, to set the scene, I’m on auto-pilot (no pun intended) as I travel. I... Continue Reading →

Up ↑