Executive Summary The Arctic Wolf® Labs team has discovered that the cyber-espionage group UAC-0226, known for utilizing the infostealer GIFTEDCROOK, has significantly evolved its capabilities.
Takeaways Arctic Wolf® observed a recent campaign by the financially motivated threat group Venom Spider targeting hiring managers with spear-phishing emails. The group abuses legitimate
Takeaways Arctic Wolf® observed a recent campaign by the financially motivated threat group Venom Spider targeting hiring managers with spear-phishing emails. The group abuses legitimate
Executive Summary During routine monitoring of the cyber threat landscape in Southeast Asia, the Arctic Wolf Labs team came across a relatively recent Indonesian-based hacktivist
Key Takeaways Arctic Wolf observed a recent campaign affecting Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. The campaign involved unauthorized
Key Takeaways Cleo MFT products were exploited by threat actors to deploy a malicious PowerShell stager, culminating in the execution of a Java-based backdoor we
Key Takeaways Arctic Wolf has observed multiple intrusions across a variety of industries involving Palo Alto Network firewall devices. Affected devices triggered downloads over HTTP
Summary In early September, as part of the Arctic Wolf® Labs team’s continuous monitoring of cyber activities across the Indian subcontinent, we came across an
Key Takeaways Arctic Wolf has observed an influx of at least 30 Akira and Fog intrusions across a variety of industries since early August, each
Summary As part of our continuous threat hunting efforts, the Arctic Wolf® Labs team has discovered a new campaign by the nation-state threat actor known
Summary Beginning in early July 2024, Arctic Wolf responded to multiple SocGholish/FakeUpdate intrusions that resulted in a seemingly benign payload being delivered as a second-stage
Summary In June 2024, a threat group utilizing Akira ransomware was discovered targeting a Latin American airline. The threat actor initially accessed the network via
Summary On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed
Summary As part of our continuous hunting efforts across the Asia-Pacific region, the Arctic Wolf® Labs team discovered Pakistani-based advanced persistent threat group Transparent Tribe
Summary In late 2023, the Arctic Wolf® Labs team identified a spear-phishing campaign by threat group FIN7 that targeted a large automotive manufacturer based in
Threat actors looking to maximize the amount of money they can make and chaos they can cause have once again chosen the supply chain as
UPDATE: While the analyzed samples in this report were initially stated as iOS, they are actually Mach-O samples used in the macOS version of LightSpy.
Background Arctic Wolf Labs has been tracking two recent intrusions where threat actors leveraged a new Go-based malware downloader we are calling “CherryLoader” that allowed
Key Takeaways Arctic Wolf Labs has investigated several cases of Royal and Akira ransomware victims being targeted in follow-on extortion attacks starting in October 2023.
This article aims to share timely and relevant information about a rapidly developing campaign under investigation. We are publishing it as early as possible for
Summary On October 30, Israeli-based incident response company SecurityJoes posted findings about a new wiper malware for Linux systems used by pro-Hamas hacktivists in the
1 Summary 2 Ransomware Binary Analysis 2.1 Configuration Format 2.2 Encryption Management Routine 2.3 File Enumeration Routine 2.4 File Processing 2.5 Stopping Services 2.6 Encryption
Summary Arctic Wolf® has discovered a new campaign we’ve dubbed “Silent Skimmer,” involving a financially motivated threat actor targeting vulnerable online payment businesses in the
Key Takeaways: Compared to the second half of 2022, Arctic Wolf Incident Response saw a 46% increase in ransomware incidents during the first half of
Key Takeaways Since March 2023, Akira ransomware has compromised at least 63 victims with approximately 80% of them being small to medium-sized businesses (SMBs). We
In today’s interconnected world, the reliance on secure file transfer software is paramount for businesses dealing with sensitive data. Among these tools, MOVEit Transfer software
Key Takeaways The Russian Federal Security Services’ (FSB) Snake malware, also known as “Uroburos,” is a highly sophisticated, modular cyber espionage tool used for long-term
Executive Summary As organizations implement additional security controls and detections, threat actors adjust to bypass them. Since our initial investigation into a Lorenz ransomware
Summary Early Friday morning, February 3, 2023, Arctic Wolf Labs began monitoring a new ransomware campaign targeting public-facing ESXi servers. The campaign has grown exponentially
Key Takeaways Arctic Wolf Labs assesses with medium confidence that the Lorenz ransomware group exploited CVE-2022-29499 to compromise Mitel MiVoice Connect to gain initial access
