WannaMine worm: analysis and intervention
WannaMine cryptominer worm: lateral movement via EternalBlue, Mimikatz credential harvesting, persistence mechanisms and the field intervention to remediate a long-running compromise.
PrintNightmare (CVE-2021-34527): Windows Print Spooler privilege escalation and RCE, exploitation primitives, mitigation steps and detection across Windows estates.
Convergence of ransomware and supply-chain compromise: amplification mechanics, downstream propagation and defensive priorities for vendors and customers alike.
Emerging phishing techniques 2021: HTML smuggling, browser-in-the-browser tricks, MFA-fatigue prompts and the detection signals defenders can rely on.
Virtualisation-aware ransomware variants: ESXi/vCenter targeting, hypervisor-level encryption impact and detection recommendations for virtualised estates.
Ursnif banking trojan extending its operation to Android: malicious APK delivery, second-stage capabilities, overlay attacks and detection considerations.
BackdoorDiplomacy APT activity against diplomatic missions and telecom operators: tooling, infrastructure overlap with known Chinese clusters and victim profiles.
LokiBot campaign of 21 June 2021: lure templates, dropper chain, exfiltration channels and indicators of compromise across the latest waves.
Underground criminal-forum chatter shows growing interest in Italian organisations: access listings, language preferences and targeting trends.