Introduction Recent research from Halcyon has uncovered a novel approach by a threat actor — referred to as Codefinger — who is actively abusing Amazon Web Services (AWS) by leveraging its native features to facilitate ransomware attacks in the wild. This technique underlines a powerful shift in the cyber threat landscape: instead of exploiting infrastructure outside the victim’s cloud environments, attackers are now using

In December 2024, two critical vulnerabilities in Microsoft’s Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments:  In this blog entry, we discuss a fake proof-of-concept (PoC) exploit for CVE-2024-49113 (aka LDAPNightmare) designed to lure security researchers into downloading and executing information-stealing

Telefonica, a major telecommunications company, recently confirmed a breach in their internal ticketing system, which led to a significant data leak. The breach involved unauthorized access and extraction of sensitive information, including a vast amount of employee and operational data. Infostealer Malware and Social Engineering Tactics New information has emerged indicating that the breach was facilitated by a combination of

The background and the IOCs for this blog were gathered by an Expert helper on our forums and Malwarebytes researchers. Our thanks go out to them. A new, malicious campaign is making the rounds online and it starts simple: Unwitting targets receive a direct message (DM) on a Discord server asking about their interest in beta testing a new videogame

The cybersecurity landscape is rife with challenges, but some threats are quieter, subtler — and deadlier. Info stealers, the silent operators of the malware world, have made headlines for their efficiency in siphoning off sensitive data. While their mechanics and prevalence are well-documented, the real question for decision-makers is not just what these threats are but how to effectively address them before they escalate.

In a recent campaign, North Korean threat actors have demonstrated a sophisticated approach by copying novel malware distribution techniques, notably those employed in the Clickfix campaigns. This strategy underscores their adaptability and awareness of cybercrime trends. The Attack Sequence The operation initiates with the attackers posing as recruiters on professional networking platforms like LinkedIn. They engage potential victims by suggesting