In this blog, we will present some findings on how NanoCore RAT 1.2.2.0 is actively being delivered in new and different ways that we discovered at Morphisec Labs in the last couple of months. Specifically, we will focus on the sophisticated fileless methods for delivering the RAT without touching the disk.
In August of 2019, just a month after our publication on a targeted BitPaymer/IEncrypt campaign, Morphisec identified a new and alarming evasion technique that the same adversaries adopted while targeting yet another enterprise in the automotive industry.
This week, headlines blew up with warnings of a design flaw in the CTF subsystem (msctf) of the Windows Text Services Framework that affects all current Windows systems and those going back as far as twenty years.
Morphisec Labs recently investigated an ongoing BitPaymer ransomware campaign that has been attacking companies across the U.S., both public and private, over the last 3 months.
During the period of March to May 2019, Morphisec Labs observed a new, highly sophisticated variant of the ShellTea / PunchBuggy backdoor malware that attempted to infiltrate a number of machines within the network of a customer in the hotel-entertainment industry. It is believed that the malware was deployed as a result of several phishing attempts.
Hworm/njRAT is a Remote Access Tool (RAT) that first appeared in 2013 in targeted attacks against the international energy industry, primarily in the Middle East. It was soon commoditized and is now part of a constantly evolving family of RATs that pop up in various new formats. Today we see this attack employed on a regular basis as part of widespread spam phishing campaigns. If successful, Hworm gives the attacker complete control of the victim’s system. Morphisec Labs recently observed a new version with a minor modification to its obfuscation technique.
This week, Kaspersky Lab reported initial details of a new supply chain attack on systems by computer giant ASUS. Dubbed ShadowHammer by Kaspersky, the attack leveraged a malicious version of ASUS Live Update,
Over the past two weeks, Morphisec Labs has identified an increase in AVE_MARIA malware infecting victims through a variety of phishing methods. One of the downloader components and C2 metadata are similar to those we saw in the Orcus RAT attacks last month and we believe they are by the same threat actor.
This post was authored by Michael Gorelik and Alon Groisman.
Over the past 8-10 weeks, Morphisec has been tracking multiple sophisticated attacks targeting Point of Sale thin clients globally.
This post was authored by Michael Gorelik, Alon Groisman and Bruno Braga.
A new, highly sophisticated campaign that delivers the Orcus Remote Access Trojan is hitting victims in ongoing, targeted attacks. Morphisec identified the campaign after receiving notifications from its advanced prevention solution at several deployment sites.