16 hours ago   WSzero, a DDoS family that uses 21 vulnerabilities to spread, has been developed to a 4th version    #alienvault #threat-intelligence Netlab's BotMon system has continuously captured a DDoS-type botnet family written in Go, which was used in DDoS attacks and utilizes as many as 22 propagation methods including weak SSH/Telnet passwords. There have been 4 different versions developed over a short period of time.

18 hours ago   A Closer look at BlackMagic ransomware    #alienvault #threat-intelligence Cyble Research and Intelligence Labs (CRIL) has identified a new ransomware group, named BlackMagic, which is targeting companies from Israel's Transportation and Logistics industry and sells data obtained from these attacks.

19 hours ago   Fantasy – a new Agrius wiper deployed through a supply chain attack    #alienvault #threat-intelligence ESET researchers have identified a new wiper used by the Agrius APT group to wipe data from victims including the diamond industry and a jeweler in Hong Kong in the early 2020s.

19 hours ago   Calisto shows interest in entities involved in Ukraine war support    #alienvault #threat-intelligence An investigation by security company SEKOIA.IO has identified a Russian-nexus intrusion set, suspected to be targeting military and strategic research sectors such as NATO entities and a Ukraine-based defense contractor.

20 hours ago   Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets    #alienvault #threat-intelligence BlackBerry's Threat Research and Intelligence team has uncovered new details of an attack campaign carried out by the advanced persistent threat group Mustang Panda, also known as HoneyMyte, in Europe and Asia Pacific.

22 hours ago   Cyber-Espionage in the Middle East: Investigating a New BackdoorDiplomacy Threat Actor Campaign    #alienvault #threat-intelligence Bitdefender researchers investigated a malicious campaign involving the abuse of binaries vulnerable to sideloading, targeting the Middle East. Analysis of the evidence shows that traces correspond to a cyber-espionage operation performed most likely by Chinese threat actor BackdoorDiplomacy against

yesterday 22:28   DEV-0139 launches targeted attacks against the cryptocurrency industry    #alienvault #threat-intelligence Microsoft Security Threat Intelligence is seeing more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their target's trust before deploying payloads. For example, Microsoft recently investigated an attack where the threat actor, tracked as DEV-013

yesterday 04:42   Mirai Botnet and Gafgyt DDoS Team Up Against SOHO Routers    #alienvault #threat-intelligence Since 2014, self-replicating variants of DDoS attacks against routers and Linux-based IoT devices have been rampant. Gafgyt botnets target vulnerable IoT devices and use them to launch large-scale distributed denial-of-service attacks. SOHO and IoT devices are ubiquitous, less likely to have secure

yesterday 04:05   Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities    #alienvault #threat-intelligence In November, FortiGuard Labs observed a unique botnet written in the Go language being distributed through IoT vulnerabilities. This botnet, known as Zerobot, contains several modules, including self-replication, attacks for different protocols, and self-propagation. It also communicates with its co

yesterday 23:51   Vice Society: Profiling a Persistent Threat to the Education Sector    #alienvault #threat-intelligence Vice Society is a ransomware gang that has been involved in high-profile activity against schools this year. Unlike many other ransomware groups such as LockBit that follow a typical ransomware-as-a-service (RaaS) model, Vice Society's operations are different in that they've been known for using fo

day before yesterday 13:49   Analysis of an Intrusion Campaign Targeting Telco and BPO Companies    #alienvault #threat-intelligence In this attack campaign, the adversary demonstrates persistence in trying to gain access to victim environments and performs constant, and typically daily, activity within the target environment once access is gained. It is imperative for organizations to swiftly implement containment and mitigation

day before yesterday 13:32   Cranefly: Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign    #alienvault #threat-intelligence Symantec, by Broadcom Software, has discovered a previously undocumented dropper that is being used to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services (IIS) logs. The dropper (Trojan.Geppei) is being used by

day before yesterday 05:33   Blowing Cobalt Strike Out of the Water With Memory Analysis    #alienvault #threat-intelligence Cobalt Strike is a clear example of the type of evasive malware that has been a thorn in the side of detection engines for many years. It is one of the most well-known adversary simulation frameworks for red team operations. However, it's not only popular among red teams, but it is also abused by ma

day before yesterday 03:18   Advanced Phishing Campaign Targeting Individuals & Businesses in the Middle East (Part 2)    #alienvault #threat-intelligence An advanced phishing campaign targeting Middle East-based companies and their vendors has been uncovered by researchers at CloudSEK, an artificial intelligence (AI) platform in the United Arab Emirates (UAE).