Recently, IBM X-Force threat intelligence has been observing a rise in Dridex banking Trojan related network attacks that are being driven by the Cutwail botnet, also known as the Pushdo or Pandex botnet. Hosts in the Cutwail botnet are originally infected by the Cutwail Trojan, a malware able to download and execute files. Cutwail is a well-known spam bot widely used in large-scale spam campaigns. It also serves as a DDoS botnet sending SSL attacks. Dridex is delivered as a second-stage infector after an initial docum
Activity Summary - Week Ending 16 October 2020:
- Red Sky Alliance identified 52,441 connections from new unique IP addresses
- Analysts observed 159 unique email accounts compromised with Keyloggers
- 2,640 new IP addresses were observed participating in various Botnets
- SlothfulMedia
- New Dridex Malware Campaign
- Mobile Money being attacked in the retail world in Africa
- Securing Your Cell Enterprise against Retail Attacks
- Sam's West, Inc. Retail Giant - Analysis
- No Justice, No Peace at Sam’s Club
- Star
A newly identified group of financially motivated hackers, likely based in a Russian-speaking country, has been running high-volume phishing, ransomware, and extortion campaigns in the United States, Germany, and many other countries for the last four years, using the Clop ransomware and various backdoors in their operations.
Researchers at Mandiant have been tracking the group since 2016 and have responded to a number of intrusions in which the group, known as FIN11, has used initial access to
Cyber threat researchers have examined security incidents over the past several years that appear to connect North Korea's Lazarus Group with Russian-speaking attackers. A recent analysis has examined reports from years of security incidents to pinpoint links between Lazarus Group, historically tied to North Korea, and Russian-speaking cybercriminals.
In a summary of his findings, Mark Arena, CEO of security firm Intel 471, holds two generally accepted assumptions: that Lazarus Group is tied to