Research & Intelligence
Unsecured Elasticsearch Data Replaced with Ransom Note
Counter Threat Unit Research TeamSecurity controls such as MFA can limit access to internet-facing databases. Read More
Cybersecurity Threat Intelligence Blogs Categories
Category: Research & Intelligence
Research & Intelligence
COBALT MIRAGE Conducts Ransomware Operations in U.S.
Counter Threat Unit Research TeamThe Iranian threat group blurs the line between financially motivated attacks and espionage. Read More
Research & Intelligence
REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence
Counter Threat Unit Research TeamUpdated samples indicate access to original source code and active development, signaling that GOLD SOUTHFIELD has resumed operations. Read More
Research & Intelligence
BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX
Counter Threat Unit Research TeamThe threat group’s targeting shift could reflect a change in China’s intelligence collection requirements due to the war in Ukraine. Read More
Research & Intelligence
GOLD ULRICK Continues Conti Operations Despite Public Disclosures
Counter Threat Unit Research TeamLeaks of GOLD ULRICK communications and operational details have not hampered ransomware activity. Read More
Research & Intelligence
GOLD ULRICK Leaks Reveal Organizational Structure and Relationships
Counter Threat Unit Research TeamMessages reveal collaboration and support among threat groups. Read More
Research & Intelligence
Excel Add-ins Deliver JSSLoader Malware
Counter Threat Unit Research TeamThe GOLD NIAGARA threat group has expanded its tactics for delivering the JSSLoader RAT, spoofing legitimate Microsoft Excel add-ins to infect systems. Read More
Research & Intelligence
Domains Linked to Phishing Attacks Targeting Ukraine
Counter Threat Unit Research TeamAnalysis of domains listed in a CERT-UA warning revealed additional domains linked to phishing attacks targeting Ukrainian government and military personnel and Polish-speaking individuals. Read More
Research & Intelligence
Disruptive HermeticWiper Attacks Targeting Ukrainian Organizations
Counter Threat Unit Research TeamPrior to the Russian military invasion, Ukrainian government and financial organizations were impacted by distributed denial of service and wiper attacks. Read More
Research & Intelligence
