Whois

Whois / Industry Updates

Stately Taurus APT Group Targets Asian Countries: What Do the Campaign IoCs Reveal?

A decade-old advanced persistent threat (APT) group called "Stately Taurus," also known as "Mustang Panda" and "Earth Preta," was recently observed targeting Association of Southeast Asian Nations (ASEAN) countries in cyberespionage activities. Specifically, Palo Alto Networks observed two malware packages that may have been used to target Japan, Myanmar, the Philippines, and Singapore.

Looking for More Signs of Nitrogen in the DNS

Malwarebytes Labs recently published a report on the latest Nitrogen malware campaign that has been targeting system administrators using fake ads in the guise of Google sponsored search results. According to the security analysts, the victims are currently limited to North America.

Unraveling the World of Security Data Aggregation

More than 30.6 billion records have been exposed in 2024 so far based on 8,839 publicly disclosed incidents. Intensifying cybersecurity efforts has thus become more critical than ever for organizations the world over.

A DNS Investigation of the Typhoon 2FA Phishing Kit

Bleeping Computer recently reported that a phishing-as-a-service (PhaaS) available in cybercriminal forums dubbed "Typhoon 2FA" has the ability to compromise Microsoft 365 and Google accounts even if users have two-factor authentication (2FA) enabled.

Examining a U.S. Tax Scammer’s Web Infrastructure through the DNS Lens

The 2024 U.S. tax season is well underway, and as usual, scams of all kinds targeting taxpayers and causing the Internal Revenue Service (IRS) problems have cropped up. One such ongoing malicious campaign has explicitly been trailing its sights on small business owners and the self-employed.

Digging Deep to Examine the Roots of the Glupteba UEFI Bootkit

Glupteba, an advanced piece of malware, has been used in several cybercriminal attacks for more than a decade now. But Palo Alto's Unit 42 only brought to light one of the features that made it so effective - its Unified Extensible Firmware Interface (UEFI) bootkit component, which allowed it to intervene and control the operating system (OS) boot process and be extremely difficult to detect and remove, last November 2023.

Hunting for TimbreStealer Malware Artifacts in the DNS

A new info-stealing malware called "TimbreStealer" is in town. Cisco Talos detected its distribution through a phishing campaign targeting Mexico.

A Glimpse into the Global Domain Registration Trends Seen in Q1 2024

After analyzing 21+ million newly registered domains (NRDs) added from 1 January to 31 March 2024, our researchers found that the new domain registration volume declined by about 32% from the previous quarter.

Uncovering Suspicious Download Pages Linked to App Installer Abuse

Threat actors have been abusing App Installer, a Windows 10 feature that makes installing applications more convenient. The abuse could lead to ransomware distribution and was likely carried out by financially motivated actors Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674.

On the DNS Trail of the Rise of macOS Backdoors

macOS has been gaining the unwanted attention of more and more backdoor operators since late 2023. In February 2024, Bitdefender uncovered RustDoor, which was written in Rust and possibly has ties to the operators of a Windows ransomware.