Unsecured Elasticsearch Data Replaced with Ransom Note
Counter Threat Unit Research Team
Security controls such as MFA can limit access to internet-facing databases.
The Iranian threat group blurs the line between financially motivated attacks and espionage.
Updated samples indicate access to original source code and active development, signaling that GOLD SOUTHFIELD has resumed operations.
The threat group’s targeting shift could reflect a change in China’s intelligence collection requirements due to the war in Ukraine.
Leaks of GOLD ULRICK communications and operational details have not hampered ransomware activity.
Messages reveal collaboration and support among threat groups.
The GOLD NIAGARA threat group has expanded its tactics for delivering the JSSLoader RAT, spoofing legitimate Microsoft Excel add-ins to infect systems.
Analysis of domains listed in a CERT-UA warning revealed additional domains linked to phishing attacks targeting Ukrainian government and military personnel and Polish-speaking individuals.
Prior to the Russian military invasion, Ukrainian government and financial organizations were impacted by distributed denial of service and wiper attacks.