Threat Analysis

Trigona ransomware

Possible Trigona Ransomware Appearance

A web server with RDP access had been brute forced by an actor who the DeepSeas cyber threat intelligence crew believes may have been trying to deliver and execute Trigona ransomware. The intruder performed many different malicious actions in the client’s environment after gaining initial access; establishing persistence, escalating privileges, evading defenses, performing asset discovery, conducting lateral movement, data collection, and more. Upon review of the intruder’s activities DeepSeas noted that some of the tactics, techniques, and procedures (TTPs) matched previously observed TTPs associated with the actor responsible for the Trigona ransomware.

Read More
Trigona ransomware

Possible Trigona Ransomware Appearance

A web server with RDP access had been brute forced by an actor who the DeepSeas cyber threat intelligence crew believes may have been trying to deliver and execute Trigona ransomware. The intruder performed many different malicious actions in the client’s environment after gaining initial access; establishing persistence, escalating privileges, evading defenses, performing asset discovery, conducting lateral movement, data collection, and more. Upon review of the intruder’s activities DeepSeas noted that some of the tactics, techniques, and procedures (TTPs) matched previously observed TTPs associated with the actor responsible for the Trigona ransomware.

Read More

Emerging AI Risk: AI Becoming (Unintended) Vulnerability Scanner

With the rise of artificial intelligence (AI) and machine learning (ML), we’re entering a new frontier where the tools designed to help us could inadvertently create new vulnerabilities. A recent observation by the SANS Internet Storm Center highlights this emerging risk in a way that should prompt us all to pause and reflect.

Read More
Malware targeting Russian defense contractor

Malware Targeting a Russian Defense Contractor

Findings Summary: Malware Targeting a Russian Defense Contractor On 14 December, DeepSeas automated scanning and analysis encountered a unique piece of malware targeting a Russian defense contractor on VirusTotal. The file in question, listed as 567000-13.rar, contains a .PDF file of the same name, which was likely directed toward an

Read More

Join our Team

21% of the DeepSeas crew are Veterans or Active Military Reservists. Join our talented crew of cyber experts.

Join Our Deep Partnership Ecosystem