» Threat Intelligence Blog

Context On April 25, 2023, BlackBerry threat intelligence researchers released their Global Threat Report for the December 2022-February 2023 period. According to the report, BlackBerry researchers observed up to 12 attacks per minute, new malware sample increases of 50% in prevalence. Key Takeaways Key findings from the report for the retail, hospitality, and travel communities…

On April 13, 2023, Cado Labs researchers reported the technical details of a new malware they dubbed “Legion.” Context According to the report, Legion is written in Python and includes credential harvesting and SMTP hijacking capabilities. Researchers reported that the tool is currently being sold on Telegram. Technical Details According to researchers, key features of…

Context On April 11, 2023, 3CX released the initial results of Mandiant’s incident response and investigation into the supply chain attack that compromised 3CXDesktopApp. According to the report, the activity is attributable to the North Korean threat group UNC4736. Technical Details According to Mandiant: “the attacker infected targeted 3CX systems with TAXHAUL (AKA “TxRLoader”) malware….

Context On March 29, 2023, Trend Micro security researchers reported a new malware they named “OpcJacker.” According to the report, OpcJacker includes multiple capabilities such as: Keylogging Taking screenshots Stealing sensitive data from browsers Loading additional modules Replacing cryptocurrency addresses in the clipboard for hijacking purposes Trend Micro researchers assessed that: The primary objective of…

Context On March 29, 2023, multiple cybersecurity firms began reporting that 3CXDesktopApp, a Voice Over Internet Protocol (VOIP) Private Automatic Branch Exchange (PABX) enterprise call routing software, is currently compromised in a supply chain attack. Multiple investigations have reported that an unknown threat actor has trojanized installers for 3CXDesktopApp, to install an information stealing malware….