Cybereason Nocturnus
Blog

Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms

Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms

| | Advanced persistent threat, Aerospace, Agrius APT, APT, Critical Infrastructure, cyberattack, Espionage, Europe, Iran, MalKamak, Malop, Malware, Nation-state Attack, national security, Nocturnus, Operation GhostShell, remote-access Trojan, research, ResearchCat, Russia, ShellClient RAT, telecommunications, telecoms, threat actors, Threat Intelligence, Turla, United States
In July 2021, the Cybereason Nocturnus and Incident Response Teams responded to Operation GhostShell, a highly-targeted cyber espionage campaign targeting the Aerospace and Telecommunications industries mainly in the Middle East, with additional victims in the U.S., Russia and Europe.  ... Read More
Blog
Cybereason vs. LockBit2.0 Ransomware

Cybereason vs. LockBit2.0 Ransomware

| | Accenture, Anti-Ransomware, cyberattack, Cybereason Defense Platform, Cybereason XDR Platform, Double Extortion, EDR, endpoint detection and response, Endpoint Protection Platform, enterprise security, EPP, Lockbit, LockBit2.0, LockBit2.0 Ransomware, Malware, Multi-Stage Ransomware, Network Security, Nocturnus, RansomOps, research, ResearchCat, Triple Extortion, Unified Endpoint Security, XDR
The Cybereason Nocturnus team has been tracking the LockBit ransomware since it first emerged in September 2019 as a ransomware-as-a-service (RaaS). Following the rise of the new LockBit2.0 and the latest events, including the attack against the global IT company Accenture, we wanted to provide more information about the attack ... Read More
Blog
DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos

DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos

| | APT, china, Nation-state Attack, national security, research, ResearchCat, telecommunications
Following the discovery of Hafnium attacks targeting Microsoft Exchange vulnerabilities, the Cybereason Nocturnus and Incident Response teams proactively hunted for various threat actors trying to leverage similar techniques in-the-wild. In the beginning of 2021, the Cybereason Nocturnus Team investigated clusters of intrusions detected targeting the telecommunications industry across Southeast Asia ... Read More
Blog
Cybereason vs. Prometheus Ransomware

Cybereason vs. Prometheus Ransomware

| | Advanced persistent threat, Anti-Ransomware, APT, Cybersecurity, Double Extortion, EDR, endpoint detection and response, Endpoint Protection Platform, enterprise security, EPP, Extended Detection and Response, Infosec, Malware, Network Security, Next Generation Antivirus, ngav, Prometheus Ransomware, Ransomware, research, ResearchCat, rEvil, security, Unified Endpoint Security
Prometheus is a relatively new variant of the Thanos ransomware that is operated independently by the Prometheus group, and was first observed in February of 2021. In just a short period of time, Prometheus caused a lot of damage, and breached over 40 companies ... Read More
Blog
PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector

PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector

| | Advanced persistent threat, APT, china, Cybereason, Cybereason Defense Platform, Cybersecurity, Infosec, Malware, Nation-state Attack, PortDoor Backdoor, research, ResearchCat, RoyalRoad, Russia, security, spear-phishing
The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become a part of the arsenal of several Chinese-related threat actors such as Tick, Tonto Team and TA428, all of which  employ RoyalRoad ... Read More
Blog
Cybereason vs. Avaddon Ransomware

Cybereason vs. Avaddon Ransomware

| | endpoint detection and response, Endpoint Protection Platform, EPP, Infosec, Malware, Ransomware, research, ResearchCat, security, Threat Alerts, Threat Intelligence, Unified Endpoint Security, VideosCat
Over the last few months, the Cybereason Nocturnus Team has been tracking the activity of the Avaddon Ransomware. It has been active since June 2020 and is operating with the Ransomware-as-a-Service (RaaS) and double extortion models, targeting sectors such as healthcare. Avaddon is distributed via malspam campaigns, where the victim ... Read More
Blog

New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign

| | Malware, research
The Cybereason Nocturnus Team has identified an active espionage campaign employing three previously unidentified malware variants that use Facebook, Dropbox, Google Docs and Simplenote for command & control and the exfiltration of data from targets across the Middle East. The full report can be downloaded here (ungated) and the Indicators ... Read More
Blog

New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign

| | Malware, research
The Cybereason Nocturnus Team has identified an active espionage campaign employing three previously unidentified malware variants that use Facebook, Dropbox, Google Docs and Simplenote for command & control and the exfiltration of data from targets across the Middle East. The full report can be downloaded here (ungated) and the Indicators ... Read More
Blog

Cybereason vs. Egregor Ransomware

| | Ransomware, research
Research by: Lior Rochberger ... Read More
Blog

Cybereason vs. Egregor Ransomware

| | Ransomware, research
Research by: Lior Rochberger ... Read More
Blog