Summary As part of our continuous hunting efforts across the Asia-Pacific region, the Arctic Wolf® Labs team discovered Pakistani-based advanced persistent threat group Transparent Tribe

Summary In late 2023, the Arctic Wolf® Labs team identified a spear-phishing campaign by threat group FIN7 that targeted a large automotive manufacturer based in

Threat actors looking to maximize the amount of money they can make and chaos they can cause have once again chosen the supply chain as

UPDATE: While the analyzed samples in this report were initially stated as iOS, they are actually Mach-O samples used in the macOS version of LightSpy.  

Background Arctic Wolf Labs has been tracking two recent intrusions where threat actors leveraged a new Go-based malware downloader we are calling “CherryLoader” that allowed

This article aims to share timely and relevant information about a rapidly developing campaign under investigation. We are publishing it as early as possible for

Summary On October 30, Israeli-based incident response company SecurityJoes posted findings about a new wiper malware for Linux systems used by pro-Hamas hacktivists in the

1 Summary 2 Ransomware Binary Analysis 2.1 Configuration Format 2.2 Encryption Management Routine 2.3 File Enumeration Routine 2.4 File Processing 2.5 Stopping Services 2.6 Encryption

Summary Arctic Wolf® has discovered a new campaign we’ve dubbed “Silent Skimmer,” involving a financially motivated threat actor targeting vulnerable online payment businesses in the

Summary The Arctic Wolf® Labs team has discovered and documented new tools used by the Cuba ransomware threat group. Cuba ransomware is currently into the

Key Takeaways Since March 2023, Akira ransomware has compromised at least 63 victims with approximately 80% of them being small to medium-sized businesses (SMBs). We

In today’s interconnected world, the reliance on secure file transfer software is paramount for businesses dealing with sensitive data. Among these tools, MOVEit Transfer software

Summary On July 4, the Arctic Wolf® Labs team found two malicious documents submitted from an IP address in Hungary, sent as lures to an

Summary The RomCom threat actor has been carefully following geopolitical events surrounding the war in Ukraine, targeting militaries, food supply chains, and IT companies. In

Summary An unknown financially motivated threat actor, most likely from Brazil, is targeting Spanish- and Portuguese-speaking victims, with the goal of stealing online banking access.

Key Takeaways  The Russian Federal Security Services’ (FSB) Snake malware, also known as “Uroburos,” is a highly sophisticated, modular cyber espionage tool used for long-term

Summary The Arctic Wolf® Labs team has been actively tracking and monitoring the SideWinder advanced persistent threat (APT) group, which has led to the discovery

Executive Summary ­ As organizations implement additional security controls and detections, threat actors adjust to bypass them. Since our initial investigation into a Lorenz ransomware

Summary  Early Friday morning, February 3, 2023, Arctic Wolf Labs began monitoring a new ransomware campaign targeting public-facing ESXi servers. The campaign has grown exponentially