Author name: William Thomas

Cyjax research sees TeamTNT added to Mitre ATT&CK framework

A wide variety of malware and threat actors target cloud and container technologies, such as Docker, Kubernetes, and Amazon Web Services. The two main techniques for initial access that are leveraged by threat actors against these technologies are misconfigured instances with unsafe ports open and improper access control, and users downloading malicious versions of popular […]


Mercenary APTs – An Exploration

Mercenary advanced persistent threat (APT) groups, sometimes called “hackers-for-hire” – and dubbed private-sector offensive actors (PSOAs) by Microsoft – have become a significant part of the threat landscape in recent years. These cyber-soldiers of fortune have been executing increasing numbers of attack campaigns for their clients, usually nation-states, that are looking for surveillance capabilities. Not


EMEA and APAC governments targeted in widespread credential harvesting campaign

Cyjax analysts have uncovered a large credential harvesting campaign targeting multiple government departments in APAC and EMEA countries. Over 50 hostnames were analysed, many of which were posing as the Ministry of Foreign Affairs, Ministry of Finance, or Ministry of Energy, in various countries such as Uzbekistan, Belarus, and Turkey; as well as the Main


REvil-ution – A Persistent Ransomware Operation

REvil (short for Ransomware Evil) is a revolutionary ransomware operation. Its predecessor, GandCrab, which was retired in early 2019, pioneered the concept of ransomware-as-a-service (RaaS) for “big game hunting” campaigns (where corporate targets are selected according to their annual turnover). REvil’s operators (also known as GoldSouthfield or PinchySpider) continued where GandCrab left off, and thrived.


Top 10 Cyber Threats – January to June 2021

In the first six months of 2021, many countries were experiencing the worst waves of the COVID-19 pandemic and organisations came under increased strain, both from a business standpoint and a cybercriminal one. Critical infrastructure and enterprises were hit by attacks from disruptive ransomware and the opportunistic exploitation of multiple 0day vulnerabilities by state-sponsored APTs.



Financial spear-phishing campaigns pushing RATs

On 12 May, the FBI Cyber Division issued a TLP:WHITE Private Industry Notification. This concerned a spear-phishing campaign distributing messages that masqueraded as financial institutions to push fake Windows apps containing remote access Trojans (RATs). The most recent attack impersonated a US-based financial institution to target an American renewable energy company. The spear-phishing email referenced


WizardSpider using legitimate services as cloak of invisibility

Ransomware has continued to play a dominant role in the 2021 threat landscape alongside the unravelling SolarWinds saga and the recent wave of ProxyLogon attacks to deploy webshells on vulnerable Microsoft Exchange Servers [1]. Since the start of the year, Cyjax analysts have tracked a malicious spam (malspam) campaign and cybercriminal operation, dubbed WizardSpider (also

