CYJAX White Paper – Cloud Threat Landscape Report: Synopsis

CYJAX has published a new White Paper which explores the current threat landscape affecting the cloud, including notable threat actors, attacks, vulnerabilities and service abuses that have been observed this year. Threat actors are increasingly targeting cloud services as more organisations implement solutions such as Microsoft Azure, Amazon Web Services and Google Cloud Platform for …


Who is Trickbot?

Since the start of the Russia-Ukraine conflict, Russia-based cybercrime groups have been placed in a difficult position. With many groups made up of members of different nationalities, those members have had to decide where their allegiance lies. Leading the charge was the Conti ransomware group, which decided on 25 February 2022 to make a …


Cyjax research sees TeamTNT added to Mitre ATT&CK framework

A wide variety of malware and threat actors target cloud and container technologies, such as Docker, Kubernetes, and Amazon Web Services. The two main initial access techniques that threat actors leverage against these technologies are exploiting misconfigured instances (unsafe ports left open and improper access control) and tricking users into downloading malicious versions of popular …


Persistent AgentTesla campaign targeting the UAE

Cyjax analysts have analysed a long-running AgentTesla infostealer campaign targeting Dubai and the United Arab Emirates (UAE). The campaign began in at least January 2021 and the samples we gathered continued, almost daily, until May 2021. We have also seen new samples compiled in October 2021. Unlike most AgentTesla campaigns, the targeting focused heavily on …


Ransomware Review – July 2021

The most significant ransomware attack in July was the Kaseya attack conducted by the REvil (also known as Sodinokibi) ransomware group. The REvil operators exploited a zero-day vulnerability in Kaseya’s VSA servers to bypass authentication and achieve arbitrary code execution. Notably, this vulnerability had already been privately disclosed to Kaseya, though it remains unclear …


REvil-ution – A Persistent Ransomware Operation

REvil (short for Ransomware Evil) is a revolutionary ransomware operation. Its predecessor, GandCrab, which was retired in early 2019, pioneered the concept of ransomware-as-a-service (RaaS) for “big game hunting” campaigns (where corporate targets are selected according to their annual turnover). REvil’s operators (also known as GoldSouthfield or PinchySpider) continued where GandCrab left off, and thrived. …


WizardSpider using legitimate services as cloak of invisibility

Ransomware has continued to play a dominant role in the 2021 threat landscape, alongside the unravelling SolarWinds saga and the recent wave of ProxyLogon attacks used to deploy webshells on vulnerable Microsoft Exchange servers [1, 2]. Since the start of the year, Cyjax analysts have tracked a malicious spam (malspam) campaign and cybercriminal operation, dubbed WizardSpider …
