P2Pinfect is a Rust-based malware family analyzed extensively by Cado Security in the past. It is a reasonably sophisticated sample that uses a peer-to-peer (P2P) botnet as its command and control mechanism. Upon initial discovery, the malware mainly appeared dormant: it spread primarily via Redis, with a limited SSH spreader, but did not seem to have any objective other than to spread. Recently, we observed a new update to P2Pinfect that introduced ransomware and crypto
Palmerworm, an advanced persistent threat (APT) group, has been active since 2013 and is engaged in cyber espionage campaigns targeting organizations in the US and East Asia, particularly Taiwan, and occasionally Japan and Hong Kong. Palmerworm operators use new, customized malware as well as 'living off the land' techniques, abusing tools and commands already built into the operating system for malicious purposes so that their activity blends in with legitimate administration.
This APT group, also known as BlackTech, has conducted long-term espionage c