Monthly Threat Highlights Report

Insights from the cyber threat landscape - courtesy of WithSecure™ Countercept's own Threat Intelligence team.

Latest highlights

May 2022

- Advisory on initial access techniques
- Emotet back at full power
- BPFDoor, an insidious backdoor
- Ransomware: Trends and notable reports:

Is this the end of Conti?

Iran is carrying out ransomware attacks

Operator of Thanos builder charged

The return of REvil?

- Other notable highlights in brief

Download report

April 2022

- CNI targeted with ICS malware
- FA Fatigue: A new attack technique
- The disruption of ZLoader
- A breakdown of ContiLeaks
- RANSOMWARE: Trends and Notable Reports

A look at Blackcat/ALPHV

Russia in the crosshairs

Quantum: a 4-hour attack

LockBit strike Rio de Janeiro finance department

BlackByte breakdown

Nokoyawa, a Nempty strain

- Other Notable Highlights in Brief

Download report

March 2022

- Okta LAPSUS$ Compromise
- Heightened Awareness of Russian Threat Activity
- Chinese backed actor APT41 attacks US government
- Initial access broker for Conti uses complex social engineering
- RANSOMWARE: Trends and Notable Reports

RURansom targets Russia

Advisory on AvosLocker

HermeticRansom can be decrypted

Sophos collates their ransomware research

An analysis of LockBit 2.0

Estonian imprisoned for connection with ransomware and cybercrime

- Other Notable Highlights in Brief

Download report

Previous reports

2022

February 2022

- RUSSIA-UKRAINE CONFLICT: Related cyber activity
- SANDWORM: Using new malware Cyclops Blink
- KARAKURT: A threat actor focused on extortion
- DAXIN: A Chinese-linked espionage tool
- RANSOMWARE: Trends and Notable Reports

Recovery of data encrypted by Hive ransomware

Joint advisory on ransomware

CONTI Leaks

- Other Notable Highlights in Brief

Download report

January 2022

- UKRAINE: Defacements and WhisperGate Wiper
- CISA: Russian Nation State Threats
- Log4j: A Pervasive Library Vulnerability
- SYSJOKER: New Backdoor Targets Windows, Mac and Linux
- EARTHLUSCA: Financially Motivated Chinese Threat Actor
- RANSOMWARE: Trends and Notable Reports

REvil Associates Arrested

Europol shutdown VPN Labservers

Other Ransomware Group Insights

- Other Notable Highlights in Brief

Download report

2021

November 2021

- IRANIAN ACTORS: Evolving Trends
- DEV-0322: ManageEngine Exploitation
- RANSOMWARE: Trends and Notable Reports

Targeting Victims of Significant Financial Events

US Law Enforcement and Sanctions

TA505 Exploiting Serv-U Vulnerability

Other Ransomware Group Insights

- Other Notable Highlights in Brief

Download report

October 2021

- MYSTERYSNAIL: Exploits Windows Zero Day
- ESPECTER: A Real World UEFI Bootkit
- RANSOMWARE: Trends and Notable Reports

US Treasury Financial Trends Report

VirusTotal Global Ransomware Context Report

BlackMatter Ransomware

Ransomware

Tradecraft Evolutions

Download report

September 2021

- FAMOUSSPARROW: New APT targeting international hotels
- OMIGOD VULNERABILITIES: Exploitation in Microsoft’s Open Management Infrastructure (OMI)
- CONFLUENZA: Critical OGNL injection vulnerability being exploited
- RANSOMWARE HIGHLIGHTS: BlackMatter, US government sanctions against cryptocurrency exchange, CISA advisory on CONTI ransomware

Download report

August 2021

- SHADOWPAD: A modular malware platform of Chinese origin
- RANSOMWARE: LockBit 2.0, vulnerability exploitation and a disgruntled affiliate
- INKYSQUID: Web browser exploits used to infect victims

Download report

July 2021

- INSO Pegasus spyware targeting human rights activists
- APT31 exploiting home routers in attack against French organizations
- GRU global brute forcing campaigns
- REvil ransomware exploits Kaseya VSA software to attack their customers
- CISA, NCSC, ACSC & FBI report on top routinely exploited vulnerabilities

Download report

June 2021

- Siloscape: A cloud native attack targeting windows containers
- GELSEMIUM: Operation NightScout supply chain attack
- ATM Jackpotting: Exploiting NFC vulnerability
- SITA: Data breach effecting Air India linked to APT41
- Data Breaches: McDonalds SK and Volkswagen

Download report

April 2021

- Pulse Secure VPN Vulnerabilities Actively Exploited In The Wild
- Sonicwall Email Security Product Zero Days Under Active Exploitation
- US Government Attributes Solarwinds Campaign To Russian SVR
- Codecov Supply Chain Breach
- Lazarus Group: Vyveva Backdoor
- Facebook And Linkedin Data Leaks

Download report

March 2021

- Proxylogon Exploits Microsoft Exchange Zero-day Vulnerabilities Crisis
- UNC2452/Nobelium New Second-stage Malware Discovered
- Supernova Webshell: Spiral Threat Group Targeted Solarwinds
- Operation Dianxun: Mustang Panda’s Latest Campaign Targeting Telecommunications
- Accellion FTA Vulnerability: Shell Energy Company, Qualys Cyber Security Firm And Flagstar Bank
- Indrik Spider: Changing Ttps In Response To Sanctions
- Red Echo Targeting Indian Critical Infrastructure: China-indian Geopolitical Tensions
- APT10 Delivering Multi-layered Loader Ecipekac In A41APT Campaign

Download report

February 2021

- Silver Sparrow, a macOS malware compiled for Apple’s new M1 ARM64 chip architecture was identified infecting a large number of endpoints
- ANSSI disclosed a three-year campaign by the Sandworm threat actor targeting the IT monitoring software company Centreon
- A water treatment facility was compromised in the US and chemical levels in the water alerted after an actor gained access via TeamViewer
- CISA reported on activity by an APT group linked to the DPRK targeting organizations involved in the Cryptocurrency vertical
- Multiple vulnerabilities in Accellion’s File Transfer Appliance (FTA) exploited for data theft and extortion of victims
- Operation NightScout: A supply Chain compromise of gamers in Asia through BigNox’s NoxPlayer delivers surveillance related malware
- Lazarus group targeting defense industry with spearphishing and ThreatNeedle malware cluster to steal sensitive data

Download report

Slide 1
Slide 2
Slide 3

Om os

Nyheder

Select a language

Europe

North America

Central and South America

Asia - Pacific

Global

Løbende risikostyring

Maksimer operationel effektivitet

Forebyg og beskyt

Opdag og reager

Highlights

WithSecure excels again in the MITRE ATT&CK® Evaluation

What is attack surface management

Uncovering the hidden truths of cloud security

Software og services

Consulting

Managed services

Highlights

Elements Cloud-baseret sikkerhed mod malware, ransomware og meget mere

WithSecure™ Countercept

Cloud Security | Endpoint Protection, Vulnerability Management

Highlights

Success story - Yahoo Japan Corporation

WithSecure™ Foundry | Cyber Security Solutions

Strategic leader in av-comparatives endpoint prevention and response

Bliv en partner

Nuværende samarbejdspartnere

Find en partner

Highlights

WithSecure Elements Quarterly

WithSecure™ Pulse 2023 - What does the future hold for cyber security?

Key ingredients of a profitable managed security service

Knowledge base

Kontakt support

Vigtige opdateringer

Login til kundeportalen

Highlights

WithSecure™ Download Center

Produktopdateringer

Forny abonnement

Monthly Threat Highlights Report

Latest highlights

May 2022

April 2022

March 2022

Previous reports

February 2022

January 2022

November 2021

October 2021

September 2021

August 2021

July 2021

June 2021

April 2021

March 2021

February 2021