Magnet Goblin, a financially motivated threat actor, is swiftly adopting one-day security vulnerabilities into its arsenal to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. Threat actor group Magnet Goblin's hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, mainly targeting public-facing servers and edge devices. In some cases, the deployment of the exploits is within 1 day after a proof-of-concept is publi
The ransomware strain known as Play is now being offered to other threat actors "as a service." The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the Ransomware-as-a-Service (RaaS) and are following step-by-step instructions from playbooks delivered with it.
Cybercriminals are increasingly finding it just as lucrative to hire their toolkits out to other crooks so they can launch attacks of their own. Investigator
The purpose of this report is to detail the artifacts left by a third-party remote access tool during its setup and use. A third-party remote access tool allows people not physically in contact with a device to control it, interact with it, and see its screen. Tools that do not allow visual interaction, such as PsExec, are not included in this study.
The motivation to do this study came from a tweet made by @IcsNick, listing "Remote Admin Tools that are abused by threat actors"1. Indeed, threat ac
Back in the late 1960s there was a film called The Good, the Bad and the Ugly. It was a story of three outlaw cowboys who exhibited these three moral traits. Sentinel Labs are now sharing a modern-day story of The Good, the Bad and the Ugly.
The Good - The man behind the development and sale of the NLBrute password-hacking tool was extradited to the United States this week. Known by his alias, dpxaker, US officials charged Russian national Dariy Pankov with computer and access device fr
The threat actor who recently breached Twilio systems also targeted Cloudflare, and a few of the web security company’s employees fell for the phishing messages. Twilio recently revealed that it became aware of unauthorized access to some of its systems on 04 August 2022. An investigation showed that the attackers had tricked some of its employees into providing their credentials, which they then used to access internal systems and obtain customer data.[1] The threat actor sent phishing tex