In this blog, we will present some findings on how NanoCore RAT 18.104.22.168 is actively being delivered in new and different ways that we discovered at Morphisec Labs in the last couple of months. Specifically, we will focus on the sophisticated fileless methods for delivering the RAT without touching the disk.Read More
During the period of March to May 2019, Morphisec Labs observed a new, highly sophisticated variant of the ShellTea / PunchBuggy backdoor malware that attempted to infiltrate a number of machines within the network of a customer in the hotel-entertainment industry. It is believed that the malware was deployed as a result of several phishing attempts.Read More
Hworm/njRAT is a Remote Access Tool (RAT) that first appeared in 2013 in targeted attacks against the international energy industry, primarily in the Middle East. It was soon commoditized and is now part of a constantly evolving family of RATs that pop-up in various new formats. Today we see this attack employed on a regular basis as part of widespread spam phishing campaigns - if successful, Hworm gives the attacker complete control of the victim’s system. Morphisec Labs recently observed a new version with a minor modification to its obfuscation technique.Read More
A new, highly sophisticated campaign that delivers the Orcus Remote Access Trojan is hitting victims in ongoing, targeted attacks. Morphisec identified the campaign after receiving notifications from its advanced prevention solution at several deployment sites.Read More
Let’s face it – there are a lot of threat reports and threat data floating around. What makes the Morphisec Labs Threat Report different is the type of threats it analyzes. It focuses on the threats that pose a real risk to organizations, the ones that get past standard and next-generation AI antivirus.Read More
Note: This post was updated 11-30-18 with details of a new intercepted attack. See technical description below.
Over the past three days, Morphisec Labs researchers have discovered a widespread cyber campaign hitting multiple targets. Morphisec researchers dubbed the campaign “Pied Piper”as it delivers various Remote Access Trojan (RAT) payloads via phishing, across multiple countries.Read More
This blog was co-authored by Alon Groisman.
It seems like the rumors of FIN7’s decline have been hasty. Just a few months after the well-publicized indictment of three high-ranking members in August, Morphisec has identified a new FIN7 campaign that appears to be targeting the restaurant industry.Read More
Subscribe to our blog
Stay in the loop with industry insight, cyber security trends, and cyber attack information and company updates.