Threat Research

Introduction Cisco Talos, while working with our various intelligence partners, has discovered additional details regarding “VPNFilter.” In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially…

Intro For several months, Talos has been working with public- and private-sector threat intelligence partners and law enforcement in researching an advanced, likely state-sponsored or state-affiliated actor’s widespread use of a sophisticated modular malware system we call “VPNFilter.…

This blog post authored by Nick Biasini with contributions from Nick Lister and Christopher Marczewski. Despite the recent decline in the prevalence of ransomware in the threat landscape, Cisco Talos has been monitoring the now widely distributed ransomware called Gandcrab. Gandcrab uses both tradit…

Update: 4/9 Cisco PSIRT has released additional guidance available here. Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Several incidents in multiple countries, including some specifically…

The Winter Olympics this year is being held in Pyeongchang, South Korea. The Guardian, a UK Newspaper reported an article that suggested the Olympic computer systems suffered technical issues during the opening ceremony. Officials at the games confirmed some technical issues to non-critical systems…

Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. On October 24, 2017, Cisco Talos was alerted to a widescale ransomware campaign affecting organizations across eastern Europe and Ru…

This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams. Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research c…

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between September 08 and September 15. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key…

This post authored by Nick Biasini with contributions from Alex Chiu. Earlier this week, a critical vulnerability in Apache Struts was publically disclosed in a security advisory. This new vulnerability, identified as CVE-2017-9805, manifests due to the way the REST plugin uses XStreamHandler with a…