New Immediate Threats!

Every week new cyber threats are announced in the world. As soon as a threat is known, the Cymulate Research Lab analyzes it, copies it and removes the sting. This de-weaponized threat is available within 48 hours to offensively test the resilience of security systems. This way you immediately know whether your security measures are still adequate and which rules you should apply if necessary.

New Immediate Threats is part of the Cymulate platform.

Would you like to know more, get a demo, or a try-out? Send your question to udo.messack@cert2connect.com

Below you can see the Immediate Threats of the past few weeks.


    • DCRAT Employs HTML Smuggling To Target Users In Recent Campaign

      DCRat (aka Dark Crystal RAT) is a modular RAT that has been available since at least 2018. The malware's capabilities include executing shell commands, stealing credentials, and logging keystrokes from the infected system. It has historically been delivered via compromised websites, phishing, or dropped by other malicious files. Recently DCRat was observed using HTML smuggling for the first time. This method allows the malware to attempt to bypass network defenses by embedding or retrieving payloads via obfuscated HTML files. The recent campaign was seen delivering a password-protected archive containing a self-extracting executable, packed with tools like .NET Reactor, ENIGMA, or VMProtect. Upon successful extraction, additional malicious payloads are automatically executed, allowing the attacker to evade detection.

    • Kofurlak Ransomware

      A new ransomware family based on leaked LockBit source code.

    • New China-Linked Group CeranaKeeper Targeted Thailand Government Entities With Custom Malware in Data Theft Campaigns

      CeranaKeeper, a China-linked threat actor, has been associated with data exfiltration campaigns targeting government entities in Thailand.

    • A Measure of Motive: How Attackers Weaponize Digital Analytics Tools

      Threat actors are repurposing digital analytics and advertising tools to evade detection and enhance their malicious campaigns. The report explores how link shorteners, IP geolocation utilities, CAPTCHA systems, and advertising intelligence platforms are being weaponized. It provides insights into the tactics used by attackers and offers detection and mitigation strategies for defenders. The analysis covers specific examples of how these tools are exploited, including the use of bit.ly for tracking phishing campaigns, IP geolocation for targeted attacks, CAPTCHA for evading security scans, and competitive ad intelligence for crafting malvertising campaigns.
