Category
Emerging Threats
TeamPCP: The Rise of Cloud-Native Extortion and Supply Chain Attacks
TeamPCP: The Rise of Cloud-Native Extortion and Supply Chain Attacks TeamPCP is an emerging cybercriminal collective that became active in late 2025, distinguishing itself through a specialized focus on massive attacks against cloud-native infrastructures. Unlike traditional Advanced Persistent Threat (APT) groups that often prioritize deep persistence on specific endpoints, TeamPCP utilizes high-level automation to scale … Read more
Behind the Wheel: Unveiling the Supercar Phishing Kit Targeting Microsoft 365
UPDATES: 27.11.2024: As mentioned by TrustWave, “Supercar Phishing Kit” has an high level of overlapping with the most recent update of “Rockstar 2FA Phishing-as-a-Service” 26.09.2024: As mentioned by Any.Run, “Supercar Nebula” has an high level of overlapping with “Storm-1575“ In August 2024, Fortgale identified and analyzed an extensive phishing campaign employing a previously publicy undocumented … Read more
Cyber Attack Risk: Follina
Risks and Solutions How to protect and how to react The identification of this type of compromise can occur on different levels: Fortgale recommends performing proactive threat hunting activities to identify this type of compromise potentially undetected by the systems mentioned above. Choose the solution that best fit your company
New Malspam campaign to deploy FickerStealer Malware
Over the last week (26th of July 2021), CERT-AGID observed a malspam campaign whose intent was to spread the FickerStealer malware via the Hancitor loader to steal the credentials present on the victim’s machine. The emails, themed “Pagamenti“, contained an attached Word or Excel document, within which macros were recorded for downloading and executing the … Read more
CloudMensis: Spyware hitting MacOS
A new backdoor for MacOS systems has been discovered in recent days by ESET researchers. The goal of the malware is to exfiltrate information from the victim system by exploiting cloud storage services.The Backdoor, named by CloudMensis researchers, recovers information such as documents, email messages and attachments, files on removable devices, screenshots and the sequence … Read more
Microsoft RCE — April 2022 patches
Come ogni secondo Martedì del mese, Microsoft ha rilasciato una serie di aggiornamenti (patch) di sicurezza per i propri sistemi operativi.
In questo mese sono state rilasciate 117 patch per altrettante vulnerabilità, di queste:
Malware Qakbot — March 2022 Compromises
In recent weeks, consistent with previously documented activity (background), we have observed a general increase in compromise activity across monitored environments. Criminal groups deploy malware for multiple objectives: Ransomware execution, sensitive data exfiltration, and credential harvesting. Qakbot — documented in detail under MITRE ATT&CK S0650 — is consistently used for all three. Unlike previous campaigns, … Read more
Russia | Ukraine: Cyber Attacks
Resoconto riguardante le operazioni offensive informatiche condotte dalla Russia nei confronti di infrastrutture ucraine durante l’avvio del conflitto.