Monthly Threat Highlights Report
Insights from the cyber threat landscape - courtesy of WithSecure™ Countercept's own Threat Intelligence team.
Latest highlights
May 2022
- Advisory on initial access techniques
- Emotet back at full power
- BPFDoor, an insidious backdoor
- Ransomware: Trends and notable reports
- Other notable highlights in brief
Download report
April 2022
- CNI targeted with ICS malware
- MFA Fatigue: A new attack technique
- The disruption of ZLoader
- A breakdown of ContiLeaks
- RANSOMWARE: Trends and Notable Reports
- Other Notable Highlights in Brief
Download report
March 2022
- Okta LAPSUS$ Compromise
- Heightened Awareness of Russian Threat Activity
- Chinese-backed actor APT41 attacks US government
- Initial access broker for Conti uses complex social engineering
- RANSOMWARE: Trends and Notable Reports
- Other Notable Highlights in Brief
Download report
Previous reports
February 2022
- RUSSIA-UKRAINE CONFLICT: Related cyber activity
- SANDWORM: Using new malware Cyclops Blink
- KARAKURT: A threat actor focused on extortion
- DAXIN: A Chinese-linked espionage tool
- RANSOMWARE: Trends and Notable Reports
- Other Notable Highlights in Brief
Download report
January 2022
- UKRAINE: Defacements and WhisperGate Wiper
- CISA: Russian Nation State Threats
- Log4j: A Pervasive Library Vulnerability
- SYSJOKER: New Backdoor Targets Windows, Mac and Linux
- EARTHLUSCA: Financially Motivated Chinese Threat Actor
- RANSOMWARE: Trends and Notable Reports
- Other Notable Highlights in Brief
Download report
November 2021
- IRANIAN ACTORS: Evolving Trends
- DEV-0322: ManageEngine Exploitation
- RANSOMWARE: Trends and Notable Reports
- Other Notable Highlights in Brief
Download report
October 2021
- MYSTERYSNAIL: Exploits Windows Zero Day
- ESPECTER: A Real World UEFI Bootkit
- RANSOMWARE: Trends and Notable Reports
Download report
September 2021
- FAMOUSSPARROW: New APT targeting international hotels
- OMIGOD VULNERABILITIES: Exploitation in Microsoft’s Open Management Infrastructure (OMI)
- CONFLUENZA: Critical OGNL injection vulnerability being exploited
- RANSOMWARE HIGHLIGHTS: BlackMatter, US government sanctions against cryptocurrency exchange, CISA advisory on CONTI ransomware
Download report
August 2021
- SHADOWPAD: A modular malware platform of Chinese origin
- RANSOMWARE: LockBit 2.0, vulnerability exploitation and a disgruntled affiliate
- INKYSQUID: Web browser exploits used to infect victims
Download report
July 2021
- NSO Pegasus spyware targeting human rights activists
- APT31 exploiting home routers in attacks against French organizations
- GRU global brute forcing campaigns
- REvil ransomware exploits Kaseya VSA software to attack its customers
- CISA, NCSC, ACSC & FBI report on top routinely exploited vulnerabilities
Download report
June 2021
- Siloscape: A cloud native attack targeting Windows containers
- GELSEMIUM: Operation NightScout supply chain attack
- ATM Jackpotting: Exploiting NFC vulnerability
- SITA: Data breach affecting Air India linked to APT41
- Data Breaches: McDonald's SK and Volkswagen
Download report
April 2021
- Pulse Secure VPN Vulnerabilities Actively Exploited In The Wild
- SonicWall Email Security Product Zero-Days Under Active Exploitation
- US Government Attributes SolarWinds Campaign To Russian SVR
- Codecov Supply Chain Breach
- Lazarus Group: Vyveva Backdoor
- Facebook And LinkedIn Data Leaks
Download report
March 2021
- ProxyLogon: Exploitation Of Microsoft Exchange Zero-Day Vulnerabilities
- UNC2452/Nobelium New Second-stage Malware Discovered
- Supernova Webshell: Spiral Threat Group Targeted SolarWinds
- Operation Dianxun: Mustang Panda’s Latest Campaign Targeting Telecommunications
- Accellion FTA Vulnerability: Shell Energy Company, Qualys Cyber Security Firm And Flagstar Bank
- Indrik Spider: Changing TTPs In Response To Sanctions
- Red Echo Targeting Indian Critical Infrastructure: China-India Geopolitical Tensions
- APT10 Delivering Multi-layered Loader Ecipekac In A41APT Campaign
Download report
February 2021
- Silver Sparrow, a macOS malware compiled for Apple’s new M1 ARM64 chip architecture, was identified infecting a large number of endpoints
- ANSSI disclosed a three-year campaign by the Sandworm threat actor targeting the IT monitoring software company Centreon
- A water treatment facility was compromised in the US and chemical levels in the water altered after an actor gained access via TeamViewer
- CISA reported on activity by an APT group linked to the DPRK targeting organizations in the cryptocurrency vertical
- Multiple vulnerabilities in Accellion’s File Transfer Appliance (FTA) exploited for data theft and extortion of victims
- Operation NightScout: A supply chain compromise of gamers in Asia through BigNox’s NoxPlayer delivers surveillance-related malware
- Lazarus Group targeting the defense industry with spearphishing and the ThreatNeedle malware cluster to steal sensitive data
Download report