
INDOHAXSEC – Emerging Indonesian Hacking Collective
Executive Summary During routine monitoring of the cyber threat landscape in Southeast Asia, the Arctic Wolf Labs team came across a relatively recent Indonesian-based hacktivist
Key Takeaways Arctic Wolf observed a recent campaign affecting Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. The campaign involved unauthorized
Key Takeaways Cleo MFT products were exploited by threat actors to deploy a malicious PowerShell stager, culminating in the execution of a Java-based backdoor we
Key Takeaways Arctic Wolf has observed multiple intrusions across a variety of industries involving Palo Alto Networks firewall devices. Affected devices triggered downloads over HTTP
Key Takeaways Arctic Wolf has observed an influx of at least 30 Akira and Fog intrusions across a variety of industries since early August, each
Summary Beginning in early July 2024, Arctic Wolf responded to multiple SocGholish/FakeUpdate intrusions that resulted in a seemingly benign payload being delivered as a second-stage
Summary On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed
Threat actors looking to maximize the amount of money they can make and chaos they can cause have once again chosen the supply chain as
Background Arctic Wolf Labs has been tracking two recent intrusions where threat actors leveraged a new Go-based malware downloader we are calling “CherryLoader” that allowed
Key Takeaways Arctic Wolf Labs has investigated several cases of Royal and Akira ransomware victims being targeted in follow-on extortion attacks starting in October 2023.
This article aims to share timely and relevant information about a rapidly developing campaign under investigation. We are publishing it as early as possible for
1 Summary 2 Ransomware Binary Analysis 2.1 Configuration Format 2.2 Encryption Management Routine 2.3 File Enumeration Routine 2.4 File Processing 2.5 Stopping Services 2.6 Encryption
Key Takeaways: Compared to the second half of 2022, Arctic Wolf Incident Response saw a 46% increase in ransomware incidents during the first half of
Key Takeaways Since March 2023, Akira ransomware has compromised at least 63 victims with approximately 80% of them being small to medium-sized businesses (SMBs). We
In today’s interconnected world, the reliance on secure file transfer software is paramount for businesses dealing with sensitive data. Among these tools, MOVEit Transfer software
Key Takeaways The Russian Federal Security Services’ (FSB) Snake malware, also known as “Uroburos,” is a highly sophisticated, modular cyber espionage tool used for long-term
Executive Summary As organizations implement additional security controls and detections, threat actors adjust to bypass them. Since our initial investigation into a Lorenz ransomware
Summary Early Friday morning, February 3, 2023, Arctic Wolf Labs began monitoring a new ransomware campaign targeting public-facing ESXi servers. The campaign has grown exponentially
Key Takeaways Arctic Wolf Labs assesses with medium confidence that the Lorenz ransomware group exploited CVE-2022-29499 to compromise Mitel MiVoice Connect to gain initial access
© 2025 Arctic Wolf Networks Inc. All Rights Reserved.