Hunt: Snowblind – The Invisible Hand of Secret Blizzard

A sophisticated attacker, assessed as possibly the “Secret Blizzard” group, has gained access to the network and is working to establish persistence, evade detection, escalate privileges, and collect sensitive data. The actor is likely operating custom malware with anti-analysis capabilities and is targeting specific systems and data rather than the environment at large.

Lumma Stealer and Amadey Bot in Manufacturing

A threat actor has gained initial access to the manufacturing network and is using the Lumma Stealer and Amadey Bot malware families to steal sensitive data and maintain persistence.

Exploitation of Firefox and Windows zero-day vulnerabilities

The RomCom threat actors are actively exploiting Firefox and Windows zero-day vulnerabilities to compromise systems, escalate privileges, establish persistence, and exfiltrate sensitive data.

Threat Hunting Report: CyberVolk

The CyberVolk group is actively developing and deploying ransomware, potentially targeting organizations based on geopolitical motivations.

Lazarus Lure in Yacht Club

The Lazarus group is conducting a spearphishing campaign targeting individuals involved in the maritime industry, particularly yacht and luxury vessel sales, using malicious attachments to deliver malware.

China shopping for Black Friday Gains

SilkSpecter actors are targeting online shoppers during the Black Friday period with spearphishing emails carrying malicious attachments. The attachments likely deliver obfuscated malware designed to evade detection and exfiltrate sensitive information such as credit card details.

DONOT Hunt Me

A threat actor is using spearphishing emails with malicious attachments to gain initial access, establishing persistence through scheduled tasks, and exfiltrating data over plaintext HTTP.
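The two techniques named in this summary, scheduled-task persistence and exfiltration over HTTP, are cheap to hunt for in endpoint telemetry. The following is an added example written for this page, not code from the report or from any vendor tool: it scans Sysmon-style process-create (Event ID 1) and network-connect (Event ID 3) records for `schtasks /create` invocations whose `/tr` target lives in a user-writable directory, for outbound port-80 connections initiated by binaries in those same directories, and then correlates the two so that a task whose target is also talking HTTP to the outside rises to the top. The event records, file paths, task names and IP addresses are constructed for the example (RFC 5737 documentation ranges), and the "user-writable path" list is an assumed starting point that a hunter would tune to the environment.

```python
"""Hunt helper: scheduled-task persistence plus plaintext HTTP egress.

Field names follow the Sysmon schema loosely (Event ID 1 = process create,
Event ID 3 = network connect); the records below are constructed for this
example and are not real telemetry.
"""
import re

# Assumed list of directories an unprivileged user can write to.  A task whose
# action lives here is far more suspicious than one under Program Files.
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)

# Constructed sample events (hypothetical host, user, paths and addresses).
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\schtasks.exe",
     "parent": r"C:\Users\alice\AppData\Roaming\update.exe", "user": r"CORP\alice",
     "cmdline": r'schtasks /create /sc minute /mo 5 /tn "WindowsUpdateSvc" '
                r'/tr "C:\Users\alice\AppData\Roaming\update.exe"'},
    {"id": 1, "image": r"C:\Windows\System32\schtasks.exe",
     "parent": r"C:\Windows\System32\svchost.exe", "user": r"NT AUTHORITY\SYSTEM",
     "cmdline": r'schtasks /create /sc daily /tn "Adobe Acrobat Update" '
                r'/tr "C:\Program Files\Adobe\Updater.exe"'},
    {"id": 3, "image": r"C:\Users\alice\AppData\Roaming\update.exe",
     "dest_ip": "203.0.113.10", "dest_port": 80, "initiated": True},
    {"id": 3, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_ip": "198.51.100.7", "dest_port": 80, "initiated": True},
]


def _schtasks_arg(cmdline, flag):
    """Return the value following a schtasks flag (/tn, /tr, ...), quoted or bare."""
    m = re.search(rf"{re.escape(flag)}\s+(?:\"([^\"]*)\"|(\S+))", cmdline, re.IGNORECASE)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def is_user_writable(path):
    """True if the path sits under one of the assumed user-writable directories."""
    return bool(USER_WRITABLE.search(path))


def hunt_scheduled_tasks(events):
    """schtasks /create events whose /tr action points into a user-writable path."""
    hits = []
    for ev in events:
        if ev["id"] != 1 or not ev["image"].lower().endswith("schtasks.exe"):
            continue
        if "/create" not in ev["cmdline"].lower():
            continue
        target = _schtasks_arg(ev["cmdline"], "/tr")
        if target and is_user_writable(target):
            hits.append({"task": _schtasks_arg(ev["cmdline"], "/tn"), "target": target,
                         "parent": ev["parent"], "user": ev["user"]})
    return hits


def hunt_http_egress(events):
    """Outbound plaintext HTTP (TCP/80) initiated by binaries in user-writable paths."""
    return [
        {"image": ev["image"], "dest": f'{ev["dest_ip"]}:{ev["dest_port"]}'}
        for ev in events
        if ev["id"] == 3 and ev["initiated"] and ev["dest_port"] == 80
        and is_user_writable(ev["image"])
    ]


def correlate(events):
    """Images that are both a scheduled-task action and an HTTP egress source."""
    targets = {h["target"].lower() for h in hunt_scheduled_tasks(events)}
    return sorted({h["image"] for h in hunt_http_egress(events)
                   if h["image"].lower() in targets})


if __name__ == "__main__":
    for hit in hunt_scheduled_tasks(SAMPLE_EVENTS):
        print("persistence:", hit)
    for hit in hunt_http_egress(SAMPLE_EVENTS):
        print("egress:", hit)
    print("correlated:", correlate(SAMPLE_EVENTS))
```

Run against the sample, only the `WindowsUpdateSvc` task and the `update.exe` egress survive the filters, and `correlate` returns that single binary; the SYSTEM-created Adobe task and Firefox's port-80 traffic are left alone because neither binary lives in a user-writable path. In a real hunt the same logic would read Sysmon or EDR exports instead of the inline list, and the port filter would widen to whatever the actor's HTTP beaconing actually used.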