Asheer Malhotra - Cisco Talos Blog

Cisco Talos Blog

October 17, 2024 06:00

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities

August 21, 2024 06:00

MoonPeak malware from North Korean actors unveils new details on attacker infrastructure

Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.”

May 30, 2024 08:01

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.”  Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups.

March 21, 2024 09:08

New details on TinyTurla’s post-compromise activity reveal full kill chain

We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.

February 22, 2024 08:00

TinyTurla-NG in-depth tooling and command and control analysis

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed.

February 15, 2024 08:00

TinyTurla Next Generation - Turla APT spies on Polish NGOs

This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.

December 11, 2023 08:50

Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang

Our latest findings indicate a definitive shift in the tactics of the North Korean APT group Lazarus Group.

October 25, 2023 08:01

Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.

September 19, 2023 08:00

New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants

Cisco Talos has discovered a new intrusion set we're calling "ShroudedSnooper" consisting of two new implants "HTTPSnoop" and "PipeSnoop" targeting telecommunications firms in the middle-east.