malware
My Little FormBook
Cisco Talos has been tracking a new campaign involving the FormBook malware since May 2018 that utilizes four different malicious documents in a single phishing email. FormBook is an inexpensive stealer available as “malware as a service.” This means an attacker can purchase a compiled p…
NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea
This blog post is authored by Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. Executive Summary: Talos has discovered a new malicious Hangul Word Processor (HWP) document targeting Korean users. If a malicious document is opened, a remote access trojan that we’re calling…
3 Non-Negotiables for an Effective Data Center Security & Workload Protection Strategy
We know that big data is big business… And the use of on-premises and public cloud infrastructure is growing, according to the Cisco 2018 Security Capabilities Benchmark Study. In the 2017 study, 27 percent of security professionals said they are using off-premises private clouds, compared with 25 p…
IcedID Banking Trojan Teams up with Ursnif/Dreambot for Distribution
Update (4/11): we have corrected the detection to Ursnif/Dreambot. This post was authored by Ross Gibb with research contributions from Daphne Galme and Michael Gorelik of Morphisec, a Cisco Security Technical Alliance partner. Cisco has noticed an increase in infections by the banking trojan IcedID t…
The Surprisingly High Cost of Malware in Schools — And How to Stop It
Compared to banks and enterprise corporations and government agencies, who would think that schools would be prime targets for cyberattacks? Surprisingly, education is actually the industry most at risk of ransomware attacks, with 13 percent of education organizations falling victim.[1] One reason f…
Olympic Destroyer Takes Aim At Winter Olympics
The Winter Olympics this year is being held in Pyeongchang, South Korea. The Guardian, a UK newspaper, reported an article that suggested the Olympic computer systems suffered technical issues during the opening ceremony. Officials at the games confirmed some technical issues to non-critical systems…
Cryptojacking: Hijacking your computer resources
Your internet connection is slower than usual, your PC is also very slow, and you notice that your CPU fan is running faster when you are on a given website. All the above symptoms indicate that you could be a victim of cryptojacking. This is a new kind of menace in which malicious users or the host…
ROKRAT Reloaded
This post was authored by Warren Mercer and Paul Rascagneres, with contributions from Jungsoo An. Earlier this year, Talos published two articles concerning South Korean threats. The first one was about the use of a malicious HWP document which dropped downloaders used to retrieve malicious payloads o…
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
This post was authored by Warren Mercer, Paul Rascagneres and Vitor Ventura. Introduction: Cisco Talos discovered a new malicious campaign from the well-known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear…). Ironically, the decoy document is a flyer concerning the Cyber Conflict U.S. confere…