Breach


News + Ransomware + APT + Threat Intelligence + Breach + Cybercrime + Digital Forensics + Incident Response + Business Mjolnir Security / April 9, 2023

Leveraging THOR for Enhanced Incident Response and Compromise Assessments: Mjolnir Security’s Partnership with Nextron Systems

Introduction

Incident response and compromise assessments are essential practices in maintaining a strong cybersecurity posture. As cyber threats continue to evolve, organizations need cutting-edge tools to stay ahead of malicious actors. This is where the partnership between Mjolnir Security and Nextron Systems comes into play. By leveraging the THOR tool ...

Ransomware + Dark Web + Breach + Cyber security + News + Malware Mjolnir Security / March 20, 2023

Cl0p Ransomware Group Exploits GoAnywhere Zero-Day: How Mjolnir Security’s Solution Outshines Conventional Security Tools

Introduction

The cyber threat landscape is constantly evolving, and ransomware groups like Cl0p are consistently finding new ways to exploit vulnerabilities in the digital world. Recently, the Cl0p ransomware group targeted GoAnywhere, a popular Managed File Transfer (MFT) solution, exploiting a zero-day vulnerability. In this blog post, we will discuss ...

News + Malware + Ransomware + APT + Threat Intelligence + Breach + Cyber security + Cybercrime Mjolnir Security / November 28, 2022

Qakbot Malware Used By Black Basta In Series of Ransomware Attacks

Qakbot Malware Attacks Resurrected By Black Basta Hacker Collective

Qakbot Malware Utilized as a Means of Cyber Extortion in Canada

Qakbot malware and ransomware attacks have soared across the globe as a new hacker group known as “Black Basta” has targeted a number of Canadian corporations. Qakbot ransomware sometimes referred ...

December 15, 2017

Business + News + Malware + APT + Exploits + Backdoor + Threat Intelligence + Breach + SCADA Mjolnir Security

New ICS Attack Framework “TRITON” targeting Critical Infrastructure

Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems. The targeted systems provided emergency shutdown capability for industrial processes. We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shutdown operations. This malware, which we call TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. We have not attributed the incident to a threat actor, though we believe the activity is consistent with a nation state preparing for an attack.

TRITON is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It follows Stuxnet which was used against Iran in 2010 and Industroyer which we believe was deployed by Sandworm Team against Ukraine in 2016. TRITON is consistent with these attacks, in that it could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.

| Malware Family | Main Modules | Description |
|---|---|---|
| TRITON | trilog.exe | Main executable leveraging libraries.zip |
| | library.zip | Custom communication library for interaction with Triconex controllers. |

Table 1: Description of TRITON Malware

Incident Summary

The attacker gained remote access to an SIS engineering workstation and deployed the TRITON attack framework to reprogram the SIS ...

December 15, 2017

Threat Intelligence + Breach + News + Malware + Ransomware + Backdoor Mjolnir Security

Remote Desktop Server Owners beware, new HC7 GOTYA Ransomware Installed via Remote Desktop Services

There was a time when most Server Administrators/Network Administrators would just change the port 3389 to any other and/or change the default login username to an RDP server and assume it's secure. While this may be best practice, it doesn't really help as a simple nmap scan reveals the listening port and ...