Estimated reading time: 5 minutes
Introduction: XWorm is an evasive and flexible malware recognized for its modular design. It uses obfuscation techniques to avoid detection. It communicates with a Command and Control server and executes malicious activities. After execution, the malware decrypts its configuration...

Estimated reading time: 15 minutes
Operation Cobalt Whisper: Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan. Contents: Introduction; Key Targets; Industries Affected; Geographical Focus; Initial Findings; Looking into the decoy-document – I; Looking into the decoy-document – II; Infection Chain; Technical Analysis...

Estimated reading time: 9 minutes
Seqrite Labs APT-Team has recently found a campaign targeting the Czech Republic. The campaign targets government and military officials with multiple lures aimed at the relationship between NATO and the Czech Republic. The entire malware ecosystem is involved in...

Estimated reading time: 6 minutes
In the wake of numerous security incidents in which attackers exploited unsegmented networks to spread malware and access sensitive data, it’s clear that traditional network architectures often fail to prevent the lateral movement of threats. This blog will illustrate...

Estimated reading time: 5 minutes
AsukaStealer, marketed on a Russian-language cybercrime forum by the alias ‘breakcore,’ has been exposed. The perpetrator offers its services for a monthly fee of $80, targeting individuals and organizations seeking to exploit its capabilities for malicious purposes. Written in...

Estimated reading time: 13 minutes
In the recent past, cyberattacks on Indian government entities by Pakistan-linked APTs have gained significant momentum. Seqrite Labs APT team has discovered multiple such campaigns during telemetry analysis and hunting in the wild. One such threat group, SideCopy, has...

Estimated reading time: 5 minutes
Ghost Locker is a Ransomware-as-a-Service (RaaS) created by GhostSec [hacktivist groups]. In October 2023, GhostSec launched the GhostLocker framework. After their successful collaborative operations with the Stormous ransomware group in July 2023, GhostLocker ransomware operators provide various options for...

Estimated reading time: 4 minutes
Recently, we came across a new banking trojan called Coyote, which utilizes a tool/library called Squirrel Installer, developed to install and manage updates of Windows applications. The malware looks more evolved than our normal banking trojans and can potentially...