Phishing
Threat Intelligence

FatalRAT Phishing Attacks Target APAC Industries Utilizing Chinese Cloud Services

Posted on February 25, 2025

By Bradford Regeski, Cyber Threat Intelligence Analyst

Executive Summary Kaspersky ICS CERT has identified SalmonSlalom, a sophisticated cyber campaign targeting industrial organizations in the Asia-Pacific (APAC) region. The attack employs a multi-stage payload delivery system, utilizing legitimate Chinese cloud services such as Youdao Cloud Notes and myqcloud for hosting and command-and-control operations. The malware framework delivers FatalRAT, a remote access trojan (RAT),…

Read More
Apple store
Threat Intelligence

New FrigidStealer Infostealer by New Threat Actors infects Multiple Devices via Compromised Websites

Posted on February 20, 2025

By Bradford Regeski, Cyber Threat Intelligence Analyst

Executive Summary Proofpoint has identified two new cybercriminal threat actors, TA2726 and TA2727, responsible for web inject campaigns that distribute malware through compromised websites, according to a recently published report. TA2726 and TA2727 actors operate traffic distribution services (TDS) to redirect users to fake update lures, leading to the installation of malware on Windows, MacOS, and…

Read More
Threat Intelligence

New Snake Keylogger Variant Leverages New Scripting Tools to Evade Detection

Posted on February 19, 2025

By Bradford Regeski, Cyber Threat Intelligence Analyst

Executive Summary FortiGuard Labs has identified a new variant of Snake Keylogger, also known as 404 Keylogger, which has been responsible for over 280 million blocked infection attempts worldwide. This malware is designed to steal sensitive credentials by logging keystrokes, accessing browser-stored passwords, and exfiltrating data through SMTP and Telegram bots; targeting Windows users primarily located in…

Read More
laptop with GTM
Threat Intelligence

Google Tag Manager Skimmer Steals Credit Card Information From Magento Sites

Posted on February 12, 2025

By Bradford Regeski, Cyber Threat Intelligence Analyst

Executive Summary A recent investigation by Sucuri uncovered a sophisticated credit card skimmer on a Magento-based eCommerce website, leveraging Google Tag Manager (GTM) to inject malicious JavaScript and steal payment details. The malware was hidden within the cms_block.content database table, allowing attackers to discreetly intercept checkout page transactions. Further analysis by Sucuri revealed a backdoor in the…

Read More
Fortinet
Threat Intelligence

Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls Utilizing Zero-Day

Posted on January 15, 2025

By Bradford Regeski, Cyber Threat Intelligence Analyst

Executive Summary In early December 2024, Arctic Wolf Labs identified a sophisticated cyberattack campaign targeting Fortinet FortiGate firewall devices. Unidentified threat actors exploited a suspected zero-day vulnerability to gain unauthorized access to the devices’ management interfaces, allowing them to alter firewall configurations and extract credentials using DCSync. Community Impact A successful compromise of FortiGate firewalls in this…

Read More