Blog · research & analysis

Latest analysis

Category: Malware Analysis

Server VMware ESXi – Ransomware Attacks in Italy

VMware ESXi #Ransomware: What is going on? What does the following code mean? D6C324719AD0AA50A54E4F8DED8E8220D8698DD67B218B5429466C40E7F72657C015D86C7E4A In the last few hours, several sources have reported massive ransomware-type activity against VMware ESXi servers exposed on a public network. The activity currently appears to be conducted by at least 2 different criminal groups. How? Both groups are exploiting a … Read more

Category: Defence

HTML Smuggling and IceID Trojan: A Guide to Corporate Defense

In March, Fortgale detected a significant increase in malicious activity targeting Italian companies, associated with the spread of the IceID Trojan. The most relevant activity was identified in the March 16 campaign, in which the criminal actor manipulated the victims' previous conversations by inserting a malicious attachment built with the HTML Smuggling technique: A company … Read more

Category: Malware Analysis

TrueBot Malware Analysis (16-06-2023)

After recent online publications regarding the TrueBot malware (VMware, Bleeping and THN), we have decided to contribute our own analysis of this potential new threat. At the end, you will find the indicators of compromise and a Yara rule to identify it. Before starting with the technical analysis of the malware, we believe it is … Read more

Category: Malware Analysis

StrelaStealer Malware Analysis

Fortgale has identified an offensive campaign targeting Italian business systems, carried out via malicious emails containing the StrelaStealer malware. Several techniques are observed during the compromise, including: Its purpose is usually to collect information about Outlook and Thunderbird accounts, as also confirmed by our technical analysis. The attention of these Threat Actors is focusing on … Read more

Category: Defence

Eradicating WannaMine and Restoring Corporate Security

In 2021, Fortgale conducted an Incident Response operation to eradicate the WannaMine malware from the systems of an Italian company operating in the industrial sector. The malware had proliferated across several hundred systems, exploiting a variety of propagation techniques. Upon installation, WannaMine initiates cryptocurrency mining activities, leading to substantial disruptions in the company’s operations due to … Read more
