My first blog with Proofpoint is live! And we love a good crossover. State-sponsored actors try their hand at ClickFix - the hottest thing in cybercrime. Meet the North Koreans, Iranians, and Russians who are upping their social engineering game https://t.co/Uwes0VFkPJ
New FakeUpdate malware campaigns were discovered by @ThreatInsight.
Behind the campaigns are two new cybercrime groups that are working together to distribute a new info stealer for Mac computers alongside malware for Windows and Android hosts. https://t.co/MlWtPrUH91
DISCARDED is a #podcast all about the threat landscape and Proofpoint's human-centric approach to #cybersecurity.
This episode features real-world examples, techniques, and strategies used to identify, track, and eliminate malicious #domains.
Stream now: https://t.co/aB5ohCxXrT
Researchers from @Proofpoint uncovered an unusual campaign that attempts to deliver custom #malware dubbed #Voldemort.
The name was chosen by the threat actor, who may be an advanced persistent threat (APT) with intelligence gathering objectives.
Blog: https://t.co/XqjFMJXAYJ.
🕵️ Calling all armchair detectives, Brazzos fans, and malware enthusiasts 📣
Grab your pickle dips because Proofpoint @threatinsight expert Selena Larson has teamed up w/ @thecyberwire for a new #podcast: Only Malware in the Building.
Stream episode 1: https://t.co/prz8csmm9u.
Today we celebrate a major cybersecurity victory.
https://t.co/avgxm218Wz
#OperationEndgame, a global law enforcement effort supported by insights from @threatinsight experts at @Proofpoint and other industry vendors, resulted in...
🧵⤵️
From IcedID to Dagon Locker Ransomware in 29 Days
🌟Analysis & reporting completed by @r3nzsec, @angelo_violetti & UC1
🎵Audio: Available on Spotify, Apple, YouTube and more!
🏹Services: https://t.co/k8UVEOdKTQ
📚Report: https://t.co/sb3Pv4ootM
Proofpoint Staff Threat Intelligence Analyst Selena Larson is joining the lineup of incredible speakers set to take the stage at the #cybercrime conference, @SLEUTHCON.
Explore the full speaker list at https://t.co/KZIOzyuXOs and stay tuned for details on her talk!
#SLEUTHCON
New piece on TA427 (overlaps with Emerald Sleet, APT43, the K-word) 🇰🇵🇰🇵
Lots of benign email conversations to gather strategic information from NGOs, think tanks, and academics in the DPRK research space 📧📮
DMARC, typosquats, and solicitation oh my!
https://t.co/LmbWukIfU1
Proofpoint’s @threatinsight team has been tracking state-aligned actors for years. In a new report, they detail TA427, a group observed using new tactics, including persona spoofing and the incorporation of web beacons. https://t.co/7oTnI46NfH
Get to know advanced persistent threat (APT) #TA427:
👋 Also goes by #EmeraldSleet, #APT43, #THALLIUM, #Kimsuky
🤝 Likely supports #DPRK intelligence on US and ROK foreign policy
🔥 A savvy #socialengineering expert
💬 Likes the long game: builds rapport with targets over weeks/months
🥸 Uses multiple aliases, usually small/under-resourced think tanks and NGOs
😈 Seen abusing #DMARC, spoofing private email accounts, and typosquatting
Explore the blog, and help spread the word about TA427’s prolific activity so potential targets are prepared to protect their people and defend their data.
New blog out on #TA547 and #Rhadamanthys out. This isn't really a deep dive, but it's important to get blogs out in shorter time to the community too, in addition to the deep dives.
The actor has continued with almost daily similar campaigns since March 26th.
Pim Trouerbach, sr. reverse engineer at Proofpoint, takes DISCARDED podcast hosts Selena & Crista on a trip down malware lane.
Listen as he shares fond stories about his favorite malware, evolving banking trojans, the current threat landscape, and more! https://t.co/kFkw0ocT4d
After a 4 month absence from Proofpoint threat data, #Bumblebee is back. 🐝💥
The sophisticated #malware downloader was used in a February campaign targeting U.S. organizations with malicious emails containing OneDrive URLs. https://t.co/jROJgjDSmI
As Americans gear up for #taxseason, cybercriminals are preparing malicious tax-themed lures. https://t.co/KtyrsbwKi7
Proofpoint researchers recently identified the return of TA576, a cybercriminal actor that uses tax-themed lures to target accounting and finance organizations.
Just dropped 🚨 A new @Proofpoint DISCARDED #podcast episode featuring special guest @kevincollier, NBC's first and only dedicated cyber reporter.
Listen as Kevin shares the ins and outs of covering #cybersecurity stories for a mainstream audience.
🎧: https://t.co/uiuC9PUMSK
Some #TA576 stuff I worked with last week.
Benign Message > Reply > Actor Reply wi. web,app URL > Redir> ZIP > LNK > SyncAppvPublishingServer.vbs LOLBAS > PowerShell > MSHTA from URL > Encrypted PowerShell > Obfusc. PowerShell > Download and Run EXE > Heaven's Gate > Parallax RAT
After a nine-month hiatus, #ecrime threat actor #TA866 is back with a bang.
It returned in January with a new campaign and a new attack chain. But some things remain the same, with the group still favoring their custom WasabiSeed and Screenshotter toolkit.
#ThreatInsight 💡
The prolific North Korean state-backed threat actor known as TA444 is back with shiny new malware for targeting macOS users, dubbed "SpectralBlur."
@greglesnewich of @Proofpoint shared with @DarkReading his expert insights on the backdoor. https://t.co/2Uc3TjldsR