
EclecticIQ Retrospective: A Look at the Themes & Events That Shaped the 2023 Cyber Landscape
As the year draws to a close, EclecticIQ’s Intelligence & Research Team looked back on the 2023 cyber landscape: from the evolving tactics of Chinese state-sponsored cyber operations, the increasing integration of AI tools by threat actors, the implications of hacktivism in global conflicts, and the escalation of ransomware attacks ...

Exposed Web Panel Reveals Gamaredon Group’s Automated Spear Phishing Campaigns
Executive Summary: On February 09, 2023, EclecticIQ analysts identified a spear phishing campaign targeting Ukrainian government entities like the Foreign Intelligence Service of Ukraine (SZRU) and Security Service of Ukraine (SSU). Analysts identified a publicly exposed Simple Mail Transfer Protocol (SMTP) server and assess with high confidence that the threat ...

Dark Pink APT Group Strikes Government Entities in South Asian Countries
Executive Summary: In February 2023, EclecticIQ researchers identified multiple KamiKakaBot malware samples that are very likely used to target government entities in ASEAN (Association of Southeast Asian Nations) countries. The latest attacks, which took place in February 2023, were almost identical to previous attacks reported by Group-IB on January 11, 2023 ...

DeFi Hack Recovers Stolen Funds; Blacklotus Bypasses Windows Secure Boot
Tactics, Techniques, And Procedures Executed in Collaboration Between Jump Crypto and Oasis Networks to Hack Their Own Protocol. The series of tactics, techniques, and procedures involved relies on the fact that a threat actor with access to assets from the Wormhole Bridge cyberattack in February 2022 recently transferred them into Oasis wallets ...

Multi-Year Spearphishing Campaign Targets the Maritime Industry Likely for Financial Gain
Executive summary: In May 2020, EclecticIQ Intelligence and Research Team published a report on phishing lures impersonating the maritime industry. This research offers new insights and an update on the topic. The key takeaways of this research are: A single threat cluster is conducting a campaign that is almost certainly ...

A Year of the Russia-Ukraine War: Seven Types of Cyberattacks Used Against Ukraine
As EclecticIQ looks back at the year since Russia’s initial invasion of Ukraine, it is clear cyberattacks have been an important part of Russia’s arsenal. This assessment is based on the variety of types of cyberattack methods leveraged, but also the prolonged timeline over which this cyber activity played out ...

ESXi Ransomware Updates Counter Recovery Script; Killnet Targets Airports and Hospitals
Malware Updates: New ESXi Ransomware Variant Counter Recovery Script. Operators behind the ransomware attacks on VMware ESXi servers in early February have updated their malware to counter a recovery script released by the Cybersecurity & Infrastructure Security Agency (CISA). The new variant makes recovery of encrypted data nearly impossible. The ransom ...

Three Cases of Cyber Attacks on the Security Service of Ukraine and NATO Allies, Likely by Russian State-Sponsored Gamaredon
Executive Summary: EclecticIQ researchers observed multiple weaponized phishing emails probably targeting the Security Service of Ukraine (SSU), NATO allies like Latvia, and private companies such as Culver Aviation - a Ukrainian aviation company. Multiple overlaps between these incidents and previous attacks of the Gamaredon APT group, such as command ...

Security Service of Ukraine and NATO Allies Potentially Targeted by Russian State-Sponsored Threat Actor
New and Noteworthy: Sandworm APT Group Attacked Ukrainian News Agency Ukrinform by Data Wiper Malwares. On January 18, 2023, the Computer Emergency Response Team of Ukraine (CERT-UA) identified a data wiper malware called CaddyWiper that was used against a Ukrainian news agency, Ukrinform. This cyberattack was likely attributed to ...

2023: Complexity Reigns in Cybersecurity as Existing Threats Adapt and New Technologies Emerge
Last December, the team looked at various topics related to the field of cyber and information security. One thing is for certain: cybersecurity is not monolithic—there are so many facets of cybersecurity, each with its own challenges and unique potential. Because no single assessment can capture every nuance across the ...