Yahoo India Web Search

Search results

  1. Oct 16, 2023 · On Oct. 12, Cisco Talos Incident Response (Talos IR) and TAC detected what we later determined to be an additional cluster of related activity that began on that same day. In this cluster, an unauthorized user was observed creating a local user account under the name “cisco_support” from a second suspicious IP address (154.53.56[.]231).

  2. Apr 24, 2024 · Cisco would like to thank the following organizations for supporting this investigation: ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns.

  3. Sep 3, 2024 · Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads. Cisco Talos recently discovered several related Microsoft Office documents uploaded to VirusTotal by various actors between May and July 2024 that were all generated by a version of a payload generator framework called “MacroPack.”

  4. Apr 16, 2024 · Cisco Talos is actively monitoring a global increase in brute-force attacks against a variety of targets, including Virtual Private Network (VPN) services, web application authentication interfaces and SSH services since at least March 18, 2024. These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing ...

  5. May 10, 2023 · Cisco Talos would like to acknowledge Anna Bennett and Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks. Cisco Talos is actively monitoring a global increase in brute-force attacks

  6. Aug 28, 2024 · The BlackByte ransomware group continues to leverage tactics, techniques and procedures (TTPs) that have formed the foundation of its tradecraft since its inception, continuously iterating its use of vulnerable drivers to bypass security protections and deploying a self-propagating, wormable ransomware encryptor.

  7. Feb 20, 2024 · Cisco Talos contacted Google to ensure that they were made aware of the activity recently observed across the threat landscape. Email campaigns: While we have observed the use of Google Cloud Run URLs included in emails for quite some time, the vast majority of the total volume we have observed over the past 18 months has occurred since September 2023.

  8. Feb 8, 2024 · Cisco Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.” We believe an advanced threat actor is carrying out this attack, based on the ...

  9. Nov 30, 2023 · The SugarGh0st sample analyzed by Cisco Talos is a 32-bit dynamic link library in C++ compiled on Aug. 23, 2023. During its initial execution, SugarGh0st creates a mutex on the victim’s machine using the hard-coded C2 domain as an infection marker and starts the keylogging function.

  10. Aug 21, 2024 · Cisco Talos is exposing infrastructure we assess with high confidence is being used by a state-sponsored North Korean nexus of threat actors we track as “UAT-5394,” including for staging, command and control (C2) servers, and test machines the threat actors use to test their ...