threatintelligence (3)

13668991853?profile=RESIZE_400xThe FortiCNAPP team, part of FortiGuard Labs, recently investigated a cluster of virtual private servers (VPS) used for Monero mining. The identified samples are associated with prior H2miner campaigns that we documented in 2020 and have since been updated with new configurations. H2Miner is a Crypto mining botnet that has been active since late 2019.

Researchers also identified a new variant of the Lcryx ransomware, called Lcrypt0rx. Lcryx is a relatively new VBScript-based ransomware strain fi

13660412470?profile=RESIZE_400xCybersecurity researchers have observed a surge in identity-driven cyberattacks targeting employee login credentials.   According to a new report by eSentire’s Threat Response Unit (TRU), between 2024 and the first quarter of 2025, 19,000 identity-related cyber investigations revealed a 156% increase in such threats compared to 2023.  These incidents now account for 59% of all confirmed threats across eSentire’s customer base of over 2000 organizations.[1]

One of the biggest enablers of this tre

13571149493?profile=RESIZE_400xThe analysis from Fortinet below is part of an incident investigation led by their Incident Response Team.  Their researchers discovered malware that had been running on a compromised machine for several weeks.  The threat actor had executed a batch of scripts and PowerShell to run the malware in a Windows process.  Although obtaining the original malware executable was difficult, a memory dump of the running malware process and a full memory dump of the compromised machine (the “fullout” file,