Mercenary APTs – An Exploration

Mercenary advanced persistent threat (APT) groups, sometimes called “hackers-for-hire” – and dubbed private-sector offensive actors (PSOAs) by Microsoft – have become a significant part of the threat landscape in recent years. These cyber-soldiers of fortune have been executing increasing numbers of attack campaigns for their clients, usually nation-states, that are looking for surveillance capabilities. Not …

Leaving Afghanistan: China and Russia take new world leadership role

The “Agreement for bringing peace in Afghanistan”, signed by the Taliban and the US on 29 February 2020, paved the way for a ceasefire between conflicting parties in Afghanistan and opened the door for the withdrawal of US and NATO troops from Afghan soil. As part of the agreement, the Taliban pledged to undertake a …

Ransomware Review – July 2021

The most significant ransomware attack in July was the Kaseya attack conducted by the REvil (also known as Sodinokibi) ransomware group. The REvil operators exploited a 0day vulnerability in Kaseya’s VSA servers to bypass authentication measures and perform arbitrary code execution. Notably, this vulnerability had already been privately disclosed to Kaseya, though it remains unclear …

Financial spear-phishing campaigns pushing RATs

On 12 May, the FBI Cyber Division issued a TLP:WHITE Private Industry Notification. This concerned a spear-phishing campaign distributing messages that masqueraded as financial institutions to push fake Windows apps containing remote access Trojans (RATs). The most recent attack impersonated a US-based financial institution to target an American renewable energy company. The spear-phishing email referenced …

Cybersecurity and Geopolitical Vodcast (in partnership with Security Magazine)

Cyjax has partnered with Security Magazine to bring you a monthly Cybersecurity and Geopolitical vodcast hosted by Chief Information Security Officer (CISO) of Cyjax, Ian Thornton-Trump, and Tristan de Souza (Editor and Head of Communications), in which they ruminate on the enmeshing of cybersecurity and geopolitics and the new challenges and intriguing flashpoints these bring to enterprise …

Credential harvesting campaign targets government, military, and private sector organisations

Cyjax analysts have uncovered a mass credential harvesting campaign targeting a wide range of sectors, including government, military, law enforcement, healthcare, finance, technology, manufacturing, and energy. Key campaign attributes: Malicious use of the SendGrid email marketing service to distribute URLs to the landing pages. Phishing emails leverage an image with an embedded URL that masquerades …

Ransomware – protect yourself or prepare to pay

There has been much debate in the cybersecurity world about the ethics and efficacy of ransomware payments. For many, the solution is simple: do not pay ransoms. Much like negotiating with terrorists, the logic suggests that paying ransomware operators encourages further attacks, sustaining the market, and perpetuating the cycle of compromise. If everyone refused to …
