First Name

Last Name

Job Title

Company

Country

State

Thank you!

Error - something went wrong!

Weekly Intelligence Summary 20 Mar 2020

March 20, 2020

Microsoft and partners in 35 countries have taken legal and technical steps to disrupt the highly prolific “Necurs” botnet. Analysis of the domain generation algorithm (DGA) used by Necurs led to identifying six

million domains that could fall victim to the botnet. Microsoft’s team is working to get those domains blocked. Necurs is the largest and most prevalent botnet, and has been used by multiple threat actors to spread malware since 2012; its operators have offered incentives to use the botnet “as a service”. Since Necurs’ creation, nine million devices have been infected. Disruption to the botnet will probably have a significant impact on the cyber-threat landscape, and as Necurs users search for alternative botnets, organizations should continue to implement basic security practices to protect their infrastructure from infection.

Previous Report

Weekly Intelligence Summary 27 Mar 2020

This week an online troll took advantage of Zoom’s screen-sharing feature to subject participants of a dail...

Next Report

Weekly Intelligence Summary 13 Mar 2020

The financially motivated threat actor “TA505” has continued unleashing phishing-related cyber attacks in l...

Want these
Threat Intelligence reports sent straight to your inbox?

Subscribe below!

First Name

Last Name

Company

Country

State- optional

Job Title

Thank you!

Error - something went wrong!

Return to Home

Weekly Intelligence Summary 20 Mar 2020

Previous Report

Next Report

Most Recent Flipbooks

“Lazarus Group” has reportedly used their newly identified “MATA” malware framework and newly created “VHD” ransomware to target high-profile victims.

After exposing more than 300 million user records in May 2020, the “ShinyHunters” threat group has allegedly returned with a second stage of data leaks.

On 15 July 2020 threat actors compromised 130 Twitter accounts to promote a cryptocurrency scam, which reportedly garnered at least USD 121,000.

A cybercriminal-forum user claims to have accessed and exfiltrated 15 billion records pertaining to multiple companies by compromising Data Viper, a cyber-security firm that holds breached data.

Ransomware appeared on the horizon long before 2020, but has arguably taken the cyber-threat landscape by storm over the past six months.

A two-pronged approach in a new cyber-threat campaign revealed cooperation between the “InvisiMole” threat collective and pro-Russia group “Gamaredon”

A cyber-threat campaign was discovered exploiting an Adobe Campaign redirection flaw and abusing mail servers for heavily obfuscated phishing attacks.

Two malware variants used in simultaneous cyber-threat campaigns against United States utility entities have been linked to a single threat group.

The “Maze” group recently began collaborating with other ransomware operators by hosting their victims’ leaked data on the Maze News website.

The United States National Security Agency (NSA) released a cyber security advisory about the threat group “Sandworm”, likely a unit of the Russian GRU military intelligence agency.

A new ideologically motivated threat group, “CyberWare”, has been observed using ransomware in wiper attacks against companies it believes are conducting scams.

A threat group by the name of ShinyHunters has flooded dark web marketplaces and criminal forums with leaked databases belonging to at least 18 companies.

The apparent resurgence of advanced persistent threat (APT) group “Naikon” has established that “out of sight” does not mean “inactive”; despite scant reporting on the group in recent years, Naikon ha

Researchers have reported on active cyber-threat campaigns exploiting a cross-site scripting (XSS) vulnerability in a WordPress website theme.

From January to April 2020 the Vietnamese state-linked cyber-threat group “APT32” conducted intrusion attacks on Chinese entities, likely to collect intelligence on COVID-19 developments in the People

Following a likely ransomware attack targeting the Czech Republic’s second-largest hospital, the Czech National Cyber and Information Security Agency (NÚKIB/NCISA) released a warning detailing the imm

The persistent and financially motivated cybercriminal group “FIN6” has reportedly partnered with the operators behind the “TrickBot” banking trojan.

APT37 re-emerges, exploits cloud for espionage

The cybercriminal group “FIN7” recently distributed malware via USB flash drives mailed to United States-based targets. Also included in the packages were fake letters, gift cards, and gifts to entice

This week an online troll took advantage of Zoom’s screen-sharing feature to subject participants of a daily public Zoom meeting to pornographic and other graphic content, disrupting an otherwise ...