Threat Intelligence

HermeticWiper: Another Threat Targeting Ukraine at Large

HermeticWiper, also known as "IsaacWiper" or "Sandworm," which wipes the data on computers, rendering them useless, has reportedly affected hundreds of Ukrainian users since it surfaced. While a few cybersecurity specialists have publicized indicators of compromise (IoCs) related to the ongoing campaigns, we found more connected web properties that users may need to steer clear of to avoid becoming the next victims.

Operation Dream Job: Same Tactics, New Vulnerability and Domains?

Operation Dream Job, a malicious group first seen in 2020, involves threat actors spoofing job hunting sites to lure people. It resurfaced in February 2022, this time exploiting a zero-day vulnerability in Google Chrome more than a month before the flaw was detected and a patch was made available.

What Are the DNS Artifacts Associated With APT36 or Earth Karkaddan?

APT36 or Earth Karkaddan is an advanced persistent threat (APT) actor group targeting various government entities, most especially those based in India. The web properties they use for campaigns include only a few domains and IP addresses along with related malware hashes as indicators of compromise (IoCs).

A Look at Actinium/Gamaredon’s Infrastructure: More Artifacts Revealed

Actinium/Gamaredon, reported as a Russian advanced persistent threat (APT) group that has been active for almost a decade now, had started trailing their sights on Ukrainian organizations back in February 2022.

From Fake News Proliferation to Data Theft: Tracing the Red Cross Hack to a Misinformation Network

The International Committee of the Red Cross (ICRC) hack in January 2022 led to the compromise of the sensitive information belonging to 515,000 people. While no indicators of compromise (IoCs) relevant to the attack have been publicized, a security researcher did expose a possible link to an Iranian misinformation network.

Behind the Innovative Marketing Rogue Scareware Distribution Network

Cybercriminal network Innovative Marketing made headlines in rogue scareware's heyday. Between its founding in Kyiv, Ukraine, in 2009 and the three years it continued operating, the company reportedly amassed close to US$700 million in revenue.

Be Wary of Bogus Web Properties This Tax Season

The U.S. tax season began when the Internal Revenue Service (IRS) started accepting and processing 2021 tax returns on 24 January 2022. The deadline is set for 18 April 2022, and taxpayers expect to receive email notifications regarding penalties, refunds, and other tax-related issues

Are Cybersquatters Going After the Car Manufacturing Sector?

Distinguishing properties added by the companies themselves is an essential part of this study. If the legitimate company owns the domains and subdomains, they have control over these assets. Otherwise, the digital properties can be considered rogue that can be potentially used in brand abuse, phishing campaigns, and other malicious activities.

When Safe Doesn’t Mean Threat-Free, Watch Out for Rogue Internet Safety Sites

Many countries worldwide celebrate Safer Internet Day every February 8. And while most parents always strive to do their best to keep their children safe while browsing the Web, threat actors still manage to abuse their good intentions. How?

The Oscars and Suspicious Web Activity: What’s the Link?

It's not unusual for movies, actors, and actresses to serve as lures in cyber attacks. Our recent post on "Spider-Man: No Way Home" proved that. Phishers and other threat actors will, unfortunately, try to capitalize on anything that's bound to get a lot of user attention. And the annual Oscar Awards is no stranger to such a scenario. Just last year, in fact, hackers used nominated films as phishing baits. This year may be no different.