Threat Hunter Team | Symantec | Posted: 21 Apr, 2023 | 4 Min Read | Threat Intelligence | X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe | North Korean-linked operation affected more organizations beyond 3CX, including two critical infrastructure organizations in the energy sector.
Threat Hunter Team | Symantec | Posted: 25 May, 2023 | 5 Min Read | Buhti: New Ransomware Operation Relies on Repurposed Payloads | Attackers use rebranded variants of leaked LockBit and Babuk ransomware payloads but use own custom exfiltration tool.
Threat Hunter Team | Symantec | Posted: 15 May, 2023 | 19 Min Read | Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors | Merdoor backdoor is low prevalence and used in highly targeted attacks.
Threat Hunter Team | Symantec | Posted: 20 Apr, 2023 | 8 Min Read | Daggerfly: APT Actor Targets Telecoms Company in Africa | New MgBot malware framework plugins deployed in recent campaign.
Threat Hunter Team | Symantec | Posted: 19 Apr, 2023 | 6 Min Read | Play Ransomware Group Using New Custom Data-Gathering Tools | Tools allow attackers to harvest data typically locked by the operating system.