
SecurityScorecard Blog
Read the latest blog posts published weekly.
-
Blog
Lazarus Group Targets Developers Through NPM Packages and Supply Chain Attacks
February 13, 2025
North Korea’s Lazarus Group is evolving its tactics again. The latest campaign, dubbed Operation Marstech Mayhem, introduces an advanced implant named "Marstech1."
STRIKE Team
-
Blog
A Deep Peek at DeepSeek
February 10, 2025
DeepSeek’s rapid ascent in the AI space has made it impossible to ignore. Its sophisticated models and AI assistant have captured global attention. And, while headlines focus on DeepSeek’s capabilities, STRIKE research exposes critical security flaws, hidden data flows, and unanswered questions about who has access to the data and why.
STRIKE Team
-
Blog
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
January 29, 2025
In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named "Phantom Circuit," targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in Hasan, Russia.
STRIKE Team
-
Blog, Research
Operation 99: North Korea’s Cyber Assault on Software Developers
January 15, 2025
On January 9, the SecurityScorecard STRIKE team uncovered Operation 99, a cyberattack by the Lazarus Group, North Korea’s state-sponsored hacking unit.
Ryan Sherstobitoff, SVP, Threat Research & Intelligence in Threat Intelligence
STRIKE Team
-
Blog
The Botnet is Back: SSC STRIKE Team Uncovers a Renewed Cyber Threat
November 12, 2024
Discover the resurgence of Volt Typhoon, a state-sponsored cyber-espionage group targeting the energy sector. Learn how they exploit legacy systems and outdated devices to embed themselves within critical infrastructure, posing a silent yet significant threat. Stay informed about the evolving tactics, global reach, and implications for national security.
Ryan Sherstobitoff, SVP, Threat Research & Intelligence
STRIKE Team
-
Blog
The Job Offer That Wasn’t: How We Stopped an Espionage Plot
October 29, 2024
Discover how SecurityScorecard thwarted a sophisticated cyber-espionage plot disguised as a job offer. Learn about the 'Contagious Interview' campaign, the tactics used by the Famous Chollima group, and essential strategies to protect your organization from targeted attacks. Don't let your next career move become a trap—stay informed and secure!
Steve Cobb, CISO, SecurityScorecard
STRIKE Team
-
Blog
Inside a North Korean Phishing Operation Targeting DevOps Employees
October 29, 2024
Uncover how SecurityScorecard thwarted a sophisticated phishing attack targeting our DevOps team. This blog details a North Korean state actor's attempt to deploy a malicious backdoor through a fake job offer on social media. Learn about the evolving tactics of threat actors and how our swift response blocked potential damage. Stay informed and strengthen your defenses against these persistent cyber threats.
Ryan Sherstobitoff, SVP Threat Research & Intelligence
Nation State Actors, Phishing, STRIKE Team
-
Blog
TTPs Associated With a New Version of the BlackCat Ransomware
September 6, 2022
In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor.
Cyber Threat Intelligence, STRIKE Team
-
Blog
Analysis of APT35 infrastructure reveals interest in Egyptian Shipping Companies
August 31, 2022
Ryan Slaney and Robert Ames, Staff Threat Researchers and Alex Heid, Chief Research Officer
STRIKE Team
-
Blog
Was the Explosion at Freeport LNG a Result of a Russian Cyber Attack?
August 2, 2022
Dr. Robert Ames, Staff Threat Researcher
STRIKE Team
-
Blog
KillNet Utilizes CC-Attack: A Quick & Dirty DDoS Method
May 25, 2022
SecurityScorecard's analysis of CC-Attack reveals the script automates the process of using open proxy servers to relay attacks.
Cyber Threat Intelligence, STRIKE Team
-
Blog, Learning Center
JBS Ransomware Attack Started in March and Much Larger in Scope than Previously Identified
June 8, 2021
SecurityScorecard found that the JBS ransomware attack started in March and is much larger in scope than previously identified. Check out SecurityScorecard's research.
Cyber Threat Intelligence, STRIKE Team