The significant increase in remote work/work-from-home (WFH) over the past year as well as the recent high-profile attacks bypassing MFA that involved Solarwinds and cloud providers have heightened the need for the blue teams to better understand and detect attempts...

Introduction Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical targeted Darkside ransomware attacks (tracked by Securonix Threat Research as RE$HOOD) with some of the recent victims including Colonial Pipeline Networks,...

In this session, Oleg Kolesnikov, VP of Threat Research at Securonix Threat Labs, will share: The latest technical insights into the HAFNIUM/Exchange attacks activity in the wild observed by the Securonix Threat Labs. A demonstration of the HAFNIUM/Exchange ProxyLogon/post-exploitation attack...

The Securonix Threat Research (STR) team is actively monitoring, investigating, and proactively hunting for the critical ongoing HAFNIUM (tracked by STR as CHOPPERWAVE) attacks and the related malicious activity. We are also tracking cryptomining implants and ransomware operator placement attempts...

The SolarWinds/SUPERNOVA attack targeted the National Financial Center (NFC), an agency inside the U.S. Department of Agriculture that reportedly handles payroll for several government organizations, including the State Department, FBI, Treasury Department, and the DHS. Today, we continue to see...

The Securonix Threat Research (STR) team has been actively investigating the critical ongoing SolarWinds Orion/SUNBURST supply chain attacks (monitored by STR as ECLIPSER) with some of the recent victims being one of the leading security vendors as well as a...

The Securonix Threat Research Team (STR) is actively investigating the details of the critical targeted Wastedlocker ransomware attacks that reportedly already exploited more than 31 companies, with 8 of the victims being Fortune 500 companies, to help our customers detect,...

The Securonix Threat Research team has recently been observing a number of new attacks/ security issues reported involving different remote workforce teleconferencing applications (TA), including Zoom, Cisco Webex, and Microsoft Teams. Some examples of the attacks/exploits reported include Zoom UNC...

In recent weeks, as many businesses have been rushing to institute a shift to remote work due to the COVID-19/coronavirus situation, we have been observing malicious threat actors attempting to exploit an increasing number of the associated cyberattack vectors. Download...

The Securonix Threat Research Team has been actively investigating the details of recent, critical targeted ransomware attacks against healthcare and data center cloud and managed service providers (MSP) that have been reported over the past couple of weeks. These attacks...

The Securonix Threat Research Team has been closely monitoring the LockerGoga targeted cyber sabotage/ransomware (TC/R) attacks impacting Norsk Hydro (one of the largest aluminum companies worldwide), Hexion/Momentive (a chemical manufacturer), and other companies’ IT and operational technology (OT) infrastructure, causing...

In recent months, we have been observing an increase in the number of automated attacks targeting exposed cloud infrastructure/Hadoop/YARN instances. Some of the attacks we have been seeing – for example, Moanacroner (a variant of Sustes) – are fairly trivial,...