A recent infrastructure exposure provided a rare look into an active INC ransomware affiliate targeting the Asia-Pacific region. In mid-June 2026, a pair of open directories were identified on AEZA Group LLC, a known bulletproof…
On March 20, 2026, an npm account operating under the username gemini-check published a package titled gemini-ai-checker, presenting itself as a utility to verify Google Gemini AI tokens. Interestingly, the package README displayed wording copied…
Executive Summary Recent analysis of PlugX malware samples has identified 14 domains assessed to be part of ongoing PRC espionage activity consistent with threat actors designated as Mustang Panda, UNC6384, and RedDelta. The majority of…
In early February 2026, a misconfigured server with more than one-thousand files was found exposed to the internet. Among them were stolen firewall configs, Active Directory maps, credential dump output, and detailed attack plans targeting…
Information stealers (infostealers) continue to be the tool of choice fueling an ever growing cybercriminal economy. Harvested credentials are a hot commodity, from account takeover and financial fraud, to underground markets, and hand offs to…
There are plenty of options when it comes to automating Python scripts. You can use cronjobs if your using *nix, scheduled tasks on Windows, and native libraries like schedule and apschedule. Tracking newly registered domains…
Bifrose or Bifrost is a backdoor initially targeting Windows systems with a long history. First identified in the early 2000’s, it is believed a hacking group (likely BlackTech), purchased the source code or gained access…
Summary BlackTech has built a reputation relying on (much to the delight of defenders) tech-themed domains and predictable registration patterns. Recent reporting linking malicious domains to the actor suggests these patterns may be fading, at…
21 August 2022 Recently, Avast tweeted a GitHub link of indicators of compromise (IOC) linked to the Manjusaka Framework. Cisco Talos released a blog earlier this month covering the framework in great detail, so I…
02 June 2022
The Kimsuky APT Group has routinely utilized the AppleSeed Backdoor to target various entities within South Korea, mainly for the purposes of espionage.
While phishing still remains the primary vector of delivering the backdoor, over the past year, Kimsuky has gone to great lengths to disguise its attacks, utilizing numerous types of decoy files, packers, and encoding schemes.