» Threat Intelligence Blog

Context On September 6, 2022, researchers at AT&T Alien Labs reported technical details of a new malware, “Shikitega,” that targets endpoints and internet of things (IoT) devices running Linux operating systems. Once delivered, Shikitega allows actors full remote access to the infected system and installs a cryptominer with persistence. Key takeaways from the report include:…

The threat actors behind the BianLian Ransomware are rapidly expanding infrastructure, and it has been observed targeting manufacturing organizations. Context On September 1, 2022, researchers at the cybersecurity firm Redacted published a technical analysis of the BianLian ransomware. In the past month, BianLian has been observed being deployed against numerous sectors, including manufacturing, healthcare, and…

The new HYPERSCRAPE data extraction tool developed by the Iranian Charming Kitten threat group eases the process of stealing email data from targeted accounts. Context On August 23, 2022, Google Threat Analysis Group (TAG) researchers published a technical analysis of a unique data extraction tool they named “HYPERSCRAPE” used by the Iranian state-backed Charming Kitten…

Flashpoint’s 2022 Mid-Year Data Breach report shows an overall 15% decline in reported breaches from the same period last year and suggests that the retail, hospitality, and travel sectors are not among the industries reporting the most breaches by volume. Context On August 18, 2022, Flashpoint released its State of Data Breach Intelligence 2022 Midyear…

The SEABORGIUM phishing operation targets organizations with a connection to Russian interests leveraging three different open-source phishing kits, the most prevalent of which has been observed in recently reported phishing attacks. Context On August 15, 2022, Microsoft Threat Intelligence Center (MSTIC) researchers disclosed details of a phishing and cyberespionage operation that they disrupted in partnership…