Threat Research

Beginning on February 11, a massive ransomware attack targeted 100 hospitals throughout Romania. The attackers exploited vulnerabilities in the hospitals' systems, compelling them to shut down critical infrastructure. The malware behind this attack is part of the Phobos family and is identified as BackMyData ransomware....

GO Stealer malware is being used in a cyber espionage campaign targeting the Indian Air Force. This sophisticated malware is designed to steal sensitive data and intelligence, specifically aimed at compromising military operations and sensitive information within the Indian Air Force. The campaign highlights the growing threat of targeted attacks on defense organizations....

DarkGate is a comprehensive toolkit that equips attackers with extensive tools to fully compromise victim systems. As a loader and botnet malware, DarkGate has been in circulation since 2017....

The Royal ransomware first appeared in 2022 and quickly emerged as a major threat in the cybersecurity world. Throughout its operation, Royal has targeted both U.S. and international organizations, breaching their networks with malicious objectives. Importantly, this variant developed from an earlier iteration that used a loader named "Zeon."...

APT28's OCEANMAP backdoor is a sophisticated piece of malware used by the Russian cyber espionage group APT28 (also known as Sofacy or Fancy Bear). Identified initially by CERT-UA, OCEANMAP enables attackers to gain remote control over infected systems, allowing them to steal data and perform espionage activities....

The Leprechaun malware loader has emerged as a new threat, potentially replacing IcedID. It is a sophisticated loader with serious capabilities. This novel malware features three key components with specific functions in the current landscape....

Lockkey is a ransomware variant developed in the Go programming language, which may offer better cross-platform compatibility and resilience compared to those written in C++. Although detailed technical mechanisms are not publicly available, the following outlines common ransomware behaviors and potential areas for analysis....

"TicTacToeDropper" is a type of malware that acts as a dropper, designed to deploy other malicious payloads onto an infected system. It typically operates by initially delivering a small, inconspicuous component that then downloads and installs additional malicious software....

The "Bellingcat Malware Investigation" refers to a series of investigative efforts by the open-source intelligence group Bellingcat to analyze and uncover details about malware used in cyberattacks....

Androxgh0st is a type of malware designed for stealthy operations and advanced cyber attacks. It typically functions as a remote access trojan (RAT), allowing attackers to gain unauthorized control over infected systems. Its capabilities often include data exfiltration, keystroke logging, and the manipulation of system files....