» Threat Intelligence Blog

Vienna, VA (September 29, 2022) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today released the first-ever public version of the Retail & Hospitality Intelligence Trends Summary, which analyzes trends in the cyberthreat landscape for the retail, hospitality, and travel sectors. The report sheds light on the top threats and malware families reported…

A recent campaign drops Cobalt Strike Beacons, the RedLine Infostealer, and the Amadey Botnet with malicious scripts using two distinct methods. Context On September 28, 2022, Talos security researchers reported a campaign delivering Cobalt Strike beacons, the RedLine Infostealer, and Amadey botnet executables active since at least August 2022. Cobalt Strike is by far the…

A new dropper named “NullMixer” is spreading multiple malware families, including some seen regularly by the RH-ISAC community. Context On September 26, 2022, researchers at SecureList reported a new dropper they named “NullMixer” which spreads multiple malware families via malicious websites impersonating legitimate software downloads. According to SecureList, in addition to multiple malware families, NullMixer…

On September 21, 2022, the LockBit 3.0 ransomware builder named “Black” was leaked online by a developer working for the LockBit threat group. On September 22, 2022, security researchers Yang HuiSeong and Jeong Hyunsik released a technical analysis of the code. The leaked code is currently available on GitHub. Threat Actor Details LockBit is a…

Context On September 6, 2022, researchers at AT&T Alien Labs reported technical details of a new malware, “Shikitega,” that targets endpoints and internet of things (IoT) devices running Linux operating systems. Once delivered, Shikitega allows actors full remote access to the infected system and installs a cryptominer with persistence. Key takeaways from the report include:…