Cyber threat actors are increasingly using and abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems. Telegram is a cloud-based instant messaging and voice-over IP service. Telegram client apps are available for Android, iOS, Windows Phone, Windows NT, macOS, and Linux. Users can send messages and exchange photos, videos, stickers, audio, and files of any type. Even when Telegr
rat (26)
Recently, one Discord network search turned up 20,000 virus results, researchers found. Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware.
The pandemic-induced shift to remote work drove business processes onto these collaboration platforms in 2020, and predictably, 2021 has ushered in a new level of cybercriminal exper
NYANxCAT is a prolific hacker who programs new pieces and versions of malware, shares them widely, and records blackhat hacker educational YouTube videos, which have over 150,000 views. He uses a GitHub repository and sells his hacker tools and services using PayPal and Bitcoin. In this report, we discuss some samples of NYANxCAT malware, his business models, and possible Kuwaiti identity.
(Figure 1. NYANxCAT GitHub logo)
NYANxCAT Hacker Profile
Name: possible name: Hmoud [Hu
Hackers are using a phishing campaign to deploy KONNI malware, a remote access trojan (RAT), via Microsoft Word documents containing malicious Visual Basic for Applications (VBA) macro code, according to a recent alert from the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
First observed in 2014, the malware was linked to several campaigns tied to North Korea. There are also significant links in code with the NOKKI malware family and researchers possess some evidence that link
Three US agencies published a joint warning alert for private companies about new versions of Taidoor, a malware family previously associated with Chinese state-sponsored hackers.
The alert is from the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (DHS CISA), the Department of Defense's Cyber Command (CyberCom), and the Federal Bureau of Investigation (FBI). The three US government agencies report they have observed Taidoor being used in new attacks. The n
The electric grid is vital to any country's national security, which makes keeping the electricity flowing critically important. Even an outage of only a few minutes can wreak havoc on any residence or business. Cyber attackers responsible for distributing LookBack malware are targeting US utility providers with a new threat called "FlowCloud." The FlowCloud modular remote-access trojan (RAT) has similarities and connections to the LookBack malware. LookBack at its core is a remote