Espionage activity targeting Asian governments, Webworm develops customized tools, and latest Noberus TTPs 6r1k3j

22/09/2022

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are ed by...

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are ed by Symantec threat researcher Alan Neville to discuss some of the recent blogs that the Symantec Threat Hunter team has published. We discuss a new wave of espionage activity targeting Asian governments by attackers who were formerly associated with the ShadowPad malware but who appear to have now adopted a new toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. We also examine the current activities of a group we call Webworm, which has developed customized versions of three older remote access Trojans (RATs), including Trochilus, Gh0st RAT, and 9002 RAT. We also discuss a blog we have published about the Noberus (aka BlackCat ) ransomware, and the recent tactics, tools, and procedures we have seen deployed alongside that ransomware recently.

Witchetty espionage group activity, Microsoft Exchange Server zero days, and U.S. defense sector targeted by APT groups +1 año 27:50 Budworm espionage activity, Spyder Loader malware, and Ransom Cartel links to Sodinokibi +1 año 18:14 Exbyte exfiltration tool, Cranefly uses new tools and novel technique, and OpenSSL bug is downgraded +1 año 20:42 New Billbug campaign, Prestige ransomware, and multiple arrests of alleged cyber-crime gang +1 año 25:38 Mobile app security, Russian invasion of Ukraine cyber impact continues, and Evil Corp switches focus +1 año 31:07 Ver más en APP Comentarios del episodio 3g584l