Malware

News + Malware + Ransomware + APT + Threat Intelligence + Breach + Cyber security + Cybercrime Mjolnir Security / November 28, 2022

Qakbot Malware Used By Black Basta In Series of Ransomware Attacks

Qakbot Malware Attacks Resurrected By Black Basta Hacker Collective

Qakbot Malware Utilized as a Means of Cyber Extortion in Canada

Qakbot malware and ransomware attacks have soared across the globe as a new hacker group known as “Black Basta” has targeted a number of Canadian corporations. Qakbot ransomware sometimes referred ...

February 3, 2021

News + Malware + Botnet + Ransomware Mjolnir Security

Fall of Emotet

On January 27, 2021, news broke from Europol that a collaborative effort had effectively taken down and disrupted one of the most significant botnets in the past decade – Emotet. This global action and collaborative initiative incorporated authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, ...

August 3, 2019

News + Malware + Botnet + Threat Intelligence Mjolnir Security

Resurgence of Zeus

Zeus, ZeuS, or Zbot is a Trojan horse malware package that runs on various versions of Microsoft Windows. While it can be used to carry out many malicious and criminal tasks, it is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. In a blog post ...

September 29, 2018

Business + News + Malware + Botnet + Exploits + Threat Intelligence + IoT Mjolnir Security

Torii Botnet

Security researchers at Avast have discovered a new malware strain, named Torii, that comes with a quite rich set of features for exfiltration of (sensitive) information and a modular architecture capable of fetching and executing other commands and executables, all of it via multiple layers of encrypted communication. We have already ...

May 30, 2018

APT + Threat Intelligence + News + Malware Mjolnir Security

North Korean Malicious Cyber Activity: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm

Backdoor.Joanap is a malicious program developed by cyber criminals to gain illegal income. It uses several stealthy ways to get inside the targeted computer, and after a successful invasion it carries out several malicious activities. According to research, this malware hides its executable in INI and CNF files ...

May 23, 2018

Threat Intelligence + IoT + News + Malware + Botnet Mjolnir Security

VPNFilter Malware targets over half a million networking devices worldwide

A new malware known as VPNFilter is capable of targeting a range of routers and NAS devices, rendering infected devices unusable, and of maintaining a persistent presence on an infected device, even after a reboot. VPNFilter has a range of capabilities including spying on traffic being routed through the ...

December 15, 2017

Business + News + Malware + APT + Exploits + Backdoor + Threat Intelligence + Breach + SCADA Mjolnir Security

New ICS Attack Framework “TRITON” targeting Critical Infrastructure

Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems. The targeted systems provided emergency shutdown capability for industrial processes. We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shut down operations. This malware, which we call TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. We have not attributed the incident to a threat actor, though we believe the activity is consistent with a nation state preparing for an attack.

TRITON is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It follows Stuxnet, which was used against Iran in 2010, and Industroyer, which we believe was deployed by Sandworm Team against Ukraine in 2016. TRITON is consistent with these attacks, in that it could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.

| Malware Family | Main Modules | Description |
|---|---|---|
| TRITON | trilog.exe | Main executable leveraging libraries.zip |
| | library.zip | Custom communication library for interaction with Triconex controllers. |

Table 1: Description of TRITON Malware

Incident Summary

The attacker gained remote access to an SIS engineering workstation and deployed the TRITON attack framework to reprogram the SIS ...