Threat Analysis

Analysis of latest cyber threats

MalasLocker is a Novel Twist on Ransomware Tactics

MalasLocker is a novel ransomware operation that has been active since the end of March 2023. It targets Zimbra servers, exfiltrating email data and encrypting files. Unlike traditional ransomware, MalasLocker doesn’t demand a direct ransom payment but requires the victim to make a donation to an approved non-profit charity. They


Volt Typhoon and the Importance of Proactive Cyber Defense

In the ever-evolving landscape of cyber threats, a new storm is brewing. The state-sponsored actor, Volt Typhoon, has been quietly infiltrating critical infrastructure organizations in the United States since mid-2021. This group, based in China, is known for its stealthy techniques and focus on espionage and information gathering. Their modus


APT28 Potentially Exploiting MOVEit Zero Day

The DeepSeas cyber threat intelligence crew has observed exploitation of a zero-day vulnerability in US-based Progress’s MOVEit Managed File Transfer Software service. Further investigation by DeepSeas has uncovered a possible overlap with infrastructure known to be operated by the Russian state-aligned advanced persistent threat group Fancy Bear (aka APT28). Whether


Cloud to Firmware Exploitation Revealed by Otorio’s Research

The Cloud to Firmware exploitation revealed by Otorio’s Research can be viewed as a chain in the same way so many cybersecurity events are described, showing that a cybersecurity program’s strength is often determined by its weakest link. In the case at hand, the links are represented by a collection


The Best Threat Intelligence Programs Answer these 3 Questions

Questions related to how security leaders can create the best threat intelligence programs for their organizations were recently covered in an episode of Cybersecurity America with Josh Nicholson. While there are many questions an organization should address when adopting a threat intelligence program, below are three of the many that


OneNote Files Used for Malware Delivery, Actors Iterate Rapidly

A DeepSeas Summary: DeepSeas has identified a new technique involving the use of OneNote files in malware delivery, though activity of this nature was observed to have accelerated among cybercriminal groups in December 2022. The use of this new filetype has
