BabbleLoader Exploits Fake Software Downloads to Spread Information Stealers
Threat Group: Unknown
Threat Type: Malware Loader
Exploited Vulnerabilities: None identified; utilizes evasion techniques
Malware Used: BabbleLoader
Threat Score: High (8.5/10) — Due to its advanced evasion capabilities, sophisticated delivery mechanisms, and ability to facilitate various malware payloads.
Last Threat Observation: November 19, 2024.
Overview: BabbleLoader is a newly

Palo Alto Confirms Ongoing Exploits Against PAN-OS Management Interfaces
Category: News
Threat Group: Unknown
Threat Type: Remote Code Execution (RCE) Vulnerability
Exploited Vulnerabilities: PAN-OS Firewall Management Interface
Malware Used: Web Shells
Threat Score: High (9.3/10) — Due to the critical nature of the vulnerability allowing unauthenticated remote command execution.
Last Threat Observation: November 16, 2024.
Overview: Palo Alto Networks has

Vietnamese Hackers Use Python-Based PXA Stealer for Sensitive Data Theft
Category: Malware
Threat Group: Vietnamese-speaking threat actors (linked to CoralRaider and Lone None)
Threat Type: Information Stealer
Exploited Vulnerabilities: Targets sensitive data including credentials, VPNs, FTP clients, browser cookies, and gaming platforms
Malware Used: PXA Stealer
Threat Score: High (9.0/10) — Comprehensive data theft capabilities and strong targeting focus on government

Iranian Hackers Deploy WezRat in Targeted Phishing Campaigns
Category: Malware
Threat Group: Emennet Pasargad (Cotton Sandstorm)
Threat Type: Remote Access Trojan (RAT) / Infostealer
Exploited Vulnerabilities: Social engineering through phishing campaigns
Malware Used: WezRat
Threat Score: High (8.5/10) — Due to its modular design, advanced espionage capabilities, and targeted nature.
Last Threat Observation: November

HawkEye Malware Continues to Threaten Organizations with Advanced Evasion
Category: Malware
Threat Group: Various Cybercriminal Actors
Threat Type: Information-Stealing Malware
Exploited Vulnerabilities: Primarily delivered via phishing emails and "free" software disguised as malware; also targets vulnerabilities in Microsoft Office to execute malicious code.
Malware Used: HawkEye, also known as PredatorPain
Threat Score: High (8.5/10) — Given its long

Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack
Category: Malware
Threat Group: Smoke Sandstorm (also tracked as TA455)
Threat Type: Trojan Loader
Exploited Vulnerabilities: Phishing and social engineering tactics
Malware Used: SnailResin (loader), SlugResin (backdoor)
Threat Score: High (8.5/10) — Due to advanced delivery techniques, cross-industry targeting, and evasive C2 methods
Last Threat Observation: November 14, 2024.
Overview: The

Bitter APT Resumes Operations with Newly Identified Indicators
Category: News
Threat Group: Bitter APT (also known as APT-17 or "DeputyDog")
Threat Type: Cyber Espionage
Exploited Vulnerabilities: Microsoft Office vulnerabilities (e.g., CVE-2017-11882, CVE-2018-0798, CVE-2018-0802), Zimbra Web Client vulnerabilities
Malware Used: ZxxZ Trojan, Dracarys Android spyware, various custom Remote Access Trojans (RATs), keyloggers, and backdoors

Ymir and RustyStealer Malware Duo Escalates Cyber Threat Landscape
Category: Malware
Threat Group: Unidentified Threat Actor
Threat Type: Ransomware, Info-Stealer
Exploited Vulnerabilities: Common file encryption mechanisms, credential theft techniques
Malware Used: Ymir Ransomware, RustyStealer
Threat Score: High (8.2/10) — Due to its dual-impact functionality that combines data theft with ransomware encryption.
Last Threat Observation: November 10, 2024
Overview: A newly

Advanced Malware SteelFox Uses Windows Vulnerabilities for System Access
Category: Malware
Threat Group: Unknown
Threat Type: Crimeware Bundle (Information Stealer and Cryptominer)
Exploited Vulnerabilities: CVE-2020-14979, CVE-2021-41285
Malware Used: SteelFox
Threat Score: High (8.5/10) — Due to advanced privilege escalation, data theft, and cryptocurrency mining techniques.
Last Threat Observation: November 2024
Overview: SteelFox is a sophisticated malware campaign that combines information-stealing

AndroxGh0st Malware Evolves to Target IoT and Critical Infrastructure
Category: Malware
Threat Group: Unknown
Threat Type: Malware/Botnet
Exploited Vulnerabilities: CVE-2017-9841, CVE-2018-15133, CVE-2021-41773
Malware Used: AndroxGh0st
Threat Score: High (8.5/10) — Due to its focus on critical infrastructure, advanced exploitation techniques, and integration with other botnets.
Last Threat Observation: November 8
Overview: AndroxGh0st is a Python-based malware that has evolved