An operations security (OpSec) failure by the threat group “FIN7” led to an unintentional exposure of their new tools, campaigns, and underground affiliations. Security researchers conducted a cyber-security operation that granted them access to the threat group’s communication channels, and have published reports that offer unique insight into one of the world’s most notorious threat groups. FIN7 was seemingly developing new loader malware, called Tirion, to replace the previously used “Carbanak” backdoor. Tirion features many new capabilities for information gathering, lateral movement, reconnaissance, and code execution. Researchers also uncovered new data about BadUSB attacks that occurred in early 2020. The reports will probably not significantly affect FIN7’s operations, but it is realistically possible that they will modify some tactics, techniques, and procedures (TTPs) in response.
Three state-linked threat groups have reportedly conducted cyber attacks aimed at the US Democratic and Rep...
Other content in this Stream
A newly identified advanced persistent threat (APT) group, “Agrius”, has been exposed as the perpetrator of destructive attacks against Israeli organizations since late 2020.
The notorious Russia-based ransomware group “REvil” (aka Sodinokibi) has been blamed for the latest high-profile ransomware attack, on the world’s largest meat supplier.
The latest work of the notorious Russian state-associated “NOBELIUM” threat group is an email phishing campaign against multiple countries and sectors.
US President Joe Biden recently signed an executive order (EO) aimed at strengthening network security for US federal government departments, and agencies and contractors working with them.
A “Conti” ransomware attack on Ireland’s healthcare system, the Health Service Executive (HSE), significantly delayed the delivery of medical laboratory results and affected many outpatient services.
Colonial Pipeline Company fell victim to a cyber attack that resulted in 5,500 miles of its US fuel pipelines being shut down, causing public distress and fears of fuel shortages.
Dark web monitoring is not a use case in and of itself. Instead, it encompasses a variety of different use cases such as exposed credential monitoring, fraud, and insider threat monitoring. If securit
Security researchers discovered two unrelated cyber-threat campaigns targeting Microsoft SharePoint.
The team is looking back at three years of ShadowTalk and taking us on a journey through changes in the threat landscape.
This guide shares years of operational best practices and expands on where dark web intelligence is useful and can be effectively leveraged into action for security teams.
The FBI made digital copies of malicious web-shells before removing them from hundreds of vulnerable servers in the US, without any warning to affected organizations.
This report discusses Intel Updates affecting the media and telecommunications sector in the first quarter of 2021 (Q1 2021).
A cyber-espionage campaign was found targeting the Vietnamese military and government, as well as other sectors and some entities in Thailand and Central Asia.
This report discusses Intel Updates affecting the travel-and-leisure sector in the first quarter of 2021 (Q1 2021).
Join Digital Shadows to learn about exciting new functionality, which helps organizations of all sizes to get value out of Cyber Threat Intelligence.
This report discusses cyber events affecting the energy sector in the first quarter of 2021 (Q1 2021).
A user of the cybercriminal forum RaidForums has offered 533 million records of Facebook user data for only a few US dollars.
Insurance provider CNA Financial has announced it was targeted in a cyber attack, later confirmed as involving the newly identified “Phoenix Cryptolocker” ransomware.