#TAG_124 #TA866 #AsylumAmbuscade
https://www.recordedfuture.com/blog/massive-hidden-infrastructure-enabling-big-game-hunting-at-scale
Super excited to share research that we just published related to activity associated with #TA866 #AsylumAmbuscade since 2021 as well as links to recent #WarmCookie/#BadSpace activity. Check it out!
https://blog.talosintelligence.com/highlighting-ta866-asylum-ambuscade/
We also did a comparative analysis of the code execution flow in #Resident backdoor and #WarmCookie and took a look at recent changes in #WarmCookie functionality!
New research published today on #TA866 making their return to email. Interesting new TTPs to deliver the custom WasabiSeed and Screenshotter toolkit. This is yet another actor that uses #TA571 for payload delivery.
https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign
This week's newsletter is hot off the press, get it here: https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
The #ESXiArgs escapades have gone from bad to okay and back to bad again, after attackers revised their encryption routine to bypass CISA's recovery script, and launched a 2nd wave of attacks that resulted in the reinfection of hundreds of hosts. Worse yet - we don't know how they're doing it, as the OpenSLP service (believed to be their method of ingress) has been disabled in a number of reported infections.
PowerShell isn't dead - The DFIR Report published their analysis of an apparent attack by Iran's Oilrig/APT34, whose initial infection relied exclusively on PowerShell and remained undetected for a significant period of time.
Proofpoint have unveiled #TA866, a savvy threat group that leverages the 404 Traffic Distribution System and little known AutoHotKey scripting language to cherry pick their targets.
#RedTeam members might find the BokuLoader Reflective Loader for #CobaltStrike useful in their next engagements, as well as #LocalPotato - the latest PrivEsc technique to join the Potato family.
#BlueTeam - check out a list of resources that popped up last week to help analyse #ASyncRAT malware and infections, as well as some helpful how-tos on hunting IIS backdoors and DLL abuse techniques.
Happy reading, and happy Monday!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-b16
#infosec #CyberAttack #Hacked #cyber #news #cybernews #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #redteam #soc #threatintel #threatintelligence #vmware #ESXi