CrowdStrike

November 20, 2024

Unveiling LIMINAL PANDA - Threats to Telecom Sector

LIMINAL PANDA has used compromised telecom servers to initiate intrusions into further providers in other geographic regions. The adversary conducts elements of their intrusion activity using protocols that support mobile telecommunications.

Malicious Inauthentic CrowdStrike Falcon Crash Reporter Installer Distributed to German Entity

An unidentified threat actor is taking advantage of the recent Falcon Sensor update issues to distribute fake installers via a fraudulent website impersonating a German entity.

HijackLoader Expands Techniques to Improve Defense Evasion

The HijackLoader sample exhibits complex multi-stage behavior, including process hollowing, transacted section hollowing, and user mode hook bypass using Heaven’s Gate, to inject and execute the final payload while evading detection.

IMPERIAL KITTEN Deploys Novel Malware Families

Between early 2022 and 2023, CrowdStrike Intelligence observed IMPERIAL KITTEN conduct SWC operations with a focus on targeting organizations in the transportation, logistics, and technology sectors.

CrowdStrike’s Falcon Fund Invests in API Security Leader, Salt Security

In addition to the investment, Salt Security and CrowdStrike are partnering to bring together leading technology to apply API discovery and runtime protection on applications, and enable security testing to harden APIs before release.

Callback Phishing Campaigns Impersonate CrowdStrike, Other Cybersecurity Companies

The phishing email implies the recipient’s company has been breached and insists the victim call the included phone number. The campaign leverages similar social-engineering tactics to those employed in WIZARD SPIDER’s 2021 BazarCall campaign.

Mirai Malware for Linux Double Down on Stronger Chips

Popular for compromising internet-connected devices and conducting distributed denial of service (DDoS) attacks, Mirai malware variants have been known to compromise devices that run on Linux builds.

How eCriminals Monetize Ransomware

Cybercrime has evolved over the past several years from simple “spray and pray” attacks to a sophisticated criminal ecosystem centered around highly effective monetization techniques that enable adversaries to maximize success and profitability.

Compromised Docker Honeypots Used For Pro-Ukrainian DoS Attack

There may be a risk of retaliatory activity by threat actors supporting the Russian Federation against organizations being leveraged to unwittingly conduct disruptive attacks against government, military, and civilian websites.

OverWatch Uncovers Ongoing NIGHT SPIDER Zloader Campaign

The initial installers were masquerading as legitimate installers, but the programs were also packaged with malicious scripts and payloads to perform automated reconnaissance and download the Zloader trojan, and in some cases, Cobalt Strike.
