Cybersec Sentinel

Infostealer FormBook Exploits Phishing to Steal Credentials and Deploy Malware

Threat Group: Multiple Threat Actors (Malware as a Service)
Threat Type: Infostealer / Downloader / Trojan
Exploited Vulnerabilities: Primarily relies on social engineering and malicious attachments. Occasionally used to deliver secondary payloads that exploit known CVEs.
Malware Used: FormBook (rebranded as XLoader)
Threat Score: 🔴 High (8.0/10) due to extensive use

FlowerStorm Phishing Service Gains Traction After Rockstar2FA Shutdown

Threat Group: FlowerStorm
Threat Type: Phishing-as-a-Service (PhaaS)
Exploited Vulnerabilities: User credentials and session cookies
Malware Used: FlowerStorm phishing kit
Threat Score: High (8.5/10) – Due to its capability to bypass multi-factor authentication (MFA) and widespread targeting of Microsoft 365 users.
Last Threat Observation: December 20, 2024
Overview
The cybersecurity

BellaCPP Expands BellaCiao Capabilities in C++

Threat Group: Charming Kitten (APT35/APT42)
Threat Type: Dropper Malware
Exploited Vulnerabilities: Potential exploitation of Microsoft Exchange vulnerabilities (e.g., ProxyShell, ProxyNotShell)
Malware Used: BellaCPP
Threat Score: High (8.5/10) – Due to its targeted approach, advanced evasion techniques, and potential impact on critical infrastructure.
Last Threat Observation: December 21,

DarkGate Malware Exploits Microsoft Teams and AnyDesk for Remote Access

Threat Group: Unknown
Threat Type: Remote Access Trojan (RAT)
Exploited Vulnerabilities: CVE-2024-21412
Malware Used: DarkGate
Threat Score: High (8.5/10) – Due to its advanced evasion techniques, multifunctionality, and recent exploitation of widely used platforms like Microsoft Teams.
Last Threat Observation: December 17, 2024
Overview
DarkGate is a highly sophisticated

HawkEye Malware Continues to Threaten Organizations with Advanced Evasion

Threat Group: Various Cybercriminal Actors
Threat Type: Information-Stealing Malware
Exploited Vulnerabilities: Primarily delivered via phishing emails and "free" software disguised as malware; also targets vulnerabilities in Microsoft Office to execute malicious code.
Malware Used: HawkEye, also known as PredatorPain
Threat Score: High (8.5/10) — Given its long

Cybersec Sentinel © 2026