Labs Archive

WIP26 Espionage Threat Actors Abuse Cloud Infrastructure In Targeted Telco 4

WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks

Aleksandar Milenkoski / February 16, 2023

A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services.

PDF

Crimeware

Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available

Antonis Terefos / February 7, 2023

An in-the-wild ELF variant of Cl0p ransomware shows the gang is looking beyond traditional Windows targets.

PDF

MalVirt .NET Virtualization Thrives In New Malvertising Attacks 3

Crimeware

MalVirt | .NET Virtualization Thrives in Malvertising Attacks

Aleksandar Milenkoski / February 2, 2023

.NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign.

PDF

Adversary

DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation

Aleksandar Milenkoski / January 24, 2023

A cluster of attacks SentinelLabs tracks as DragonSpark uses a novel technique, Golang source code interpretation, to avoid detection while also deploying a little-known tool called SparkRAT.

PDF

Adversary

NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO

Tom Hegel / January 12, 2023

In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.

PDF

Blasting Event Driven Cornucopia WMI Based User Space Attacks Blind SIEMs And EDRs 3

LABScon

LABScon Replay | Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs

LABScon / January 11, 2023

WMI-based attacks impact all versions of Windows and can severely impact EDRs. Claudiu Teodorescu explores how they work and how they can be detected.