
Tag

malware

·Featured

Nebula Broker: offensive operations made in Italy

Fortgale has been tracking an Italian threat actor, internally dubbed Nebula Broker, since March 2022. The actor uses self-made malware (BrokerLoader) to compromise Italian systems. Further analysis revealed that the attacker has been operating since the end of 2020. Although this threat is not well-known, the number of compromises is particularly extensive. Indeed, Fortgale …

·Emerging Threats

Malware Qakbot — March 2022 Compromises

In recent weeks, consistent with previously documented activity (background), we have observed a general increase in compromise activity across monitored environments. Criminal groups deploy malware for multiple objectives: ransomware execution, sensitive data exfiltration, and credential harvesting. Qakbot — documented in detail under MITRE ATT&CK S0650 — is consistently used for all three. Unlike previous campaigns, …

·Emerging Threats

Agent Tesla — December 6, 2021 malware campaign

Agent Tesla is spyware that exfiltrates information from victim systems by capturing keystrokes and user actions (T1056.001 — Keylogging). Built on the .NET framework, it transmits stolen data to a command-and-control (C2) server. Agent Tesla extracts credentials and stored data from web browsers, email clients, and FTP clients (T1555.003 — Credentials from Web Browsers, …
