MuddyWater APT Uses GitHub and Imgur to Deploy Cobalt Strike Beacon

Just after Christmas (December 25), a security researcher going by the Twitter handle @Arkbird_SOLG posted details of what appears to be an attack chain that began with a malicious Word document. Since then, Arkbird and multiple subsequent researchers have attributed this attack to the MuddyWater APT (Advanced Persistent Threat) group. MuddyWater activity was first discovered in 2017,…

Cobalt Group Targets Banks in Romania and Russia

What Is It? Researchers at Arbor Networks' ASERT team recently observed the Cobalt group attempting to use spear phishing emails containing multiple malicious links in order to compromise Russian and Romanian banks. The recent attack shows the resilience of Cobalt after successes by law enforcement against high-ranking members of the group. In March 2018, Spanish authorities arrested the…

SystemBC RAT Used as Ransomware Backdoor

In recent months, Sophos’ incident response team has observed the use of the commoditized SystemBC RAT (Remote Access Tool) in Ryuk and Egregor ransomware attacks. In these attacks, SystemBC is used as a backdoor on compromised systems to move laterally through a victim’s network, allowing the attackers to exfiltrate data and to deploy malicious payloads (including ransomware). What Is It? The Ryuk and Egregor…

Chinese APT Campaigns Target Indian and Hong Kong Users

What Is It? Researchers from Malwarebytes have released their research into three malicious campaigns they observed in early July 2020. The first two campaigns, which occurred within a day of each other, were aimed at Indian government entities. The third campaign targeted users in Hong Kong. Due to the targets, the timing and the techniques utilized, researchers believe the attacks originated…

Evil Clippy Bypasses Most Malware Detection Tools

What Is It? Evil Clippy is available for Windows, macOS and Linux operating systems and uses techniques to modify Office documents directly, at the file level, in order to make it much more difficult for security products to detect the malicious macro. A recent article on BleepingComputer.com describes a tool created by security researchers from Outflank, a security testing company located in…