In this blog entry, we discuss how Shadowpad is being used to deploy a new undetected ransomware family. Attackers deploy the malware by exploiting weak passwords and bypassing multi-factor authentication.| Trend Micro
Threat actors abused Visual Studio Code and Microsoft Azure infrastructure to target large business-to-business IT service providers in Southern Europe.| SentinelOne
SentinelLABS has identified multiple deceptive websites linked to businesses in China fronting for North Korea's fake IT workers scheme.| SentinelOne
Threat actors in the cyberespionage ecosystem are using ransomware for financial gain, disruption, distraction, misattribution, and the removal of evidence.| SentinelOne
black basta ransomware demands hefty payouts while threatening public data leaks. Find out its approach and how to stay one step ahead.| SentinelOne
An unknown threat cluster, Green Nailao, has been actively targeting European organizations, particularly in the healthcare sector, between June and October 2024. Tracked by Orange Cyberdefense CERT, this campaign exploited CVE-2024-24919 on vulnerable Check Point Security Gateways to deploy ShadowPad and PlugX, two implants linked to China-nexus cyber intrusions. Our reverse-engineering team uncovered a highly obfuscated ShadowPad variant using Windows services and registry keys for persiste...| www.orangecyberdefense.com
A federal court in St. Louis, Missouri, yesterday indicted 14 nationals of the Democratic People’s Republic of North Korea (DPRK or North Korea) with long-running conspiracies to violate U.S. sanctions and to commit wire fraud, money laundering, and identity theft. Specifically, the conspirators, who worked for DPRK-controlled companies Yanbian Silverstar and Volasys| www.justice.gov
Supplying a custom backdoor to a cluster of APT groups, the personas behind ShadowPad have maintained a cloak of secrecy, until now.| SentinelOne
