This article aims to share timely and relevant information about a rapidly developing campaign under investigation. We are publishing it as early as possible for
Summary On October 30, Israeli-based incident response company SecurityJoes posted findings about a new wiper malware for Linux systems used by pro-Hamas hacktivists in the
1 Summary 2 Ransomware Binary Analysis 2.1 Configuration Format 2.2 Encryption Management Routine 2.3 File Enumeration Routine 2.4 File Processing 2.5 Stopping Services 2.6 Encryption
Summary Arctic Wolf® has discovered a new campaign we’ve dubbed “Silent Skimmer,” involving a financially motivated threat actor targeting vulnerable online payment businesses in the
Key Takeaways: Compared to the second half of 2022, Arctic Wolf Incident Response saw a 46% increase in ransomware incidents during the first half of
Summary The Arctic Wolf® Labs team has discovered and documented new tools used by the Cuba ransomware threat group. Cuba ransomware is currently into the
Key Takeaways Since March 2023, Akira ransomware has compromised at least 63 victims with approximately 80% of them being small to medium-sized businesses (SMBs). We
In today’s interconnected world, the reliance on secure file transfer software is paramount for businesses dealing with sensitive data. Among these tools, MOVEit Transfer software
Summary On July 4, the Arctic Wolf® Labs team found two malicious documents submitted from an IP address in Hungary, sent as lures to an
Summary The RomCom threat actor has been carefully following geopolitical events surrounding the war in Ukraine, targeting militaries, food supply chains, and IT companies. In
Summary An unknown financially motivated threat actor, most likely from Brazil, is targeting Spanish- and Portuguese-speaking victims, with the goal of stealing online banking access.
Key Takeaways The Russian Federal Security Services’ (FSB) Snake malware, also known as “Uroburos,” is a highly sophisticated, modular cyber espionage tool used for long-term
Summary The Arctic Wolf® Labs team has been actively tracking and monitoring the SideWinder advanced persistent threat (APT) group, which has led to the discovery
Executive Summary As organizations implement additional security controls and detections, threat actors adjust to bypass them. Since our initial investigation into a Lorenz ransomware
Summary Early Friday morning, February 3, 2023, Arctic Wolf Labs began monitoring a new ransomware campaign targeting public-facing ESXi servers. The campaign has grown exponentially
Key Takeaways Arctic Wolf Labs assesses with medium confidence that the Lorenz ransomware group exploited CVE-2022-29499 to compromise Mitel MiVoice Connect to gain initial access
