FortiGuard Labs discovered more than 500 Microsoft Excel files involved in a campaign to deliver a fresh Emotet Trojan variant. Read to learn more how to avoid this lure.…

Online security is extremely important for people in Ukraine and the surrounding region right now. Government agencies, independent newspapers and public service provide…

Proofpoint provides insights into TA416's activity targeting European governments as conflict in Ukraine escalates. Learn more about this Chinese state threat group.

Webhards is a platform used to distribute malware, and it is mainly used by attackers that mainly target Korean users. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in…

The ASEC analysis team has discovered distribution of malicious HWP file disguised as “Press Release of 20th Presidential Election Early Voting for Sailors” as the presidential election draws near. The attacker distributed the malicious HWP file on February…

We analyze RURansom, a malware variant discovered to be targeting Russia. Originally suspected to be a ransomware because of its name, analysis reveals RURansom to be a wiper.

We detail APT41's persistent effort that allowed them to successfully compromise at least 6 U.S. state government networks by exploiting vulnerable web apps.

FortiGuard Labs discovered a phishing email addressed to a Ukrainian recipient that masqueraded as purchase order containing a PPT attachment aiming to deploy the Agent Tesla RAT. Learn more.…

In the first of a two-part series of blogs, we will delve deeper into Daxin, examining the driver initialization, networking, key exchange, and backdoor functionality of the malware.

We disclosed several GKE Autopilot vulnerabilities and attack techniques to Google. The issues are now fixed – we provide a technical analysis.

Read our blog post to learn how PROPHET SPIDER continues to evolve their tradecraft while continuing to exploit known web-server vulnerabilities.

What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets Executive Summary Since its reemergence on Nov. 14, 2021, Black Lotus Labs has once again been tracking Emotet, one of the world’s most prolific malware…

Avast Releases Decryptor for the Prometheus Ransomware. Prometheus is a ransomware strain written in C# that inherited a lot of code from an older strain called Thanos. Skip to how to use the Prometheus ransomware decryptor.  How Prometheus Works Prometheus…

In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in their attack chain, from the tools used to the order in which they…

We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords…

State-sponsored attackers, APT groups, and numerous hackers’ communities have been actively targeting the critical infrastructures.

In the second of a two-part series of blogs, we examine the communications and networking features of Daxin.

The heavily distributed botnet delivers a wide variety of payloads – and scans your network for weaknesses