Resources
Cybersecurity white papers, data sheets, webinars, videos and more
Resource Library
January 23, 2024
Investigation of North Korea-Linked Indicators of Compromise (IOCs)
Executive Summary: On February 9, CISA published a #StopRansomware alert regarding ransomware attacks against healthcare and public health organizations they attribute to threat actors acting on behalf of the North Korean state. The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team consulted internal and external data sources to enrich the indicators…
Cyber Threat Intelligence
January 23, 2024
Newly-identified Vulnerability Affecting All Versions of Outlook for Windows
Executive Summary: On March 14, Microsoft released a security update for a newly-identified vulnerability affecting all versions of Outlook for Windows. Current reports indicate that the vulnerability is under active exploitation by a threat actor group the cybersecurity community believes is acting on behalf of the GRU, Russia’s military intelligence…
Cyber Threat Intelligence
January 23, 2024
New Intrusion Campaign Targeting Users of Popular Business Communication Software
Executive Summary: On March 29, cybersecurity vendors announced that a new intrusion campaign had targeted users of business communication software company 3CX’s desktop client through a supply-chain attack. Initial reports have attributed the activity to the threat actor group tracked as Labyrinth Chollima, which is believed to conduct espionage on behalf…
Cyber Threat Intelligence
January 23, 2024
Investigations of Lazarus Group Indicators of Compromise Reveals Suspicious Traffic Involving State Government IP Addresses
Executive Summary: In early February, analysts attributed a new intrusion affecting a healthcare research organization to the Lazarus Group, a well-established threat actor believed to act on behalf of the government of the Democratic People’s Republic of Korea (DPRK). In an effort to enrich the Indicators of Compromise (IoCs) provided in…
Cyber Threat Intelligence
January 23, 2024
Attackers Exploit Windows Vulnerability to Deliver Nokoyawa Ransomware
On April 11, security researchers announced the discovery of CVE-2023-28252, a zero-day vulnerability under active exploitation by a sophisticated cybercriminal group. The vulnerability affects all versions of Windows and could therefore be quite widespread; however, a patch is available.
Cyber Threat Intelligence
January 23, 2024
New APT29-Attributed Phishing Activity Targets Diplomatic Services
On April 13, Poland’s Computer Emergency Response Team (CERT.PL) and Military Counterintelligence Service released a group of joint advisories regarding newly-observed espionage activity attributed to a Russia-linked threat actor group.
Cyber Threat Intelligence
January 23, 2024
Cyber Risk Intelligence: Cold Storage and Logistics Disruption
On April 26, reports of a service disruption affecting a major cold storage and logistics firm surfaced.
Cyber Threat Intelligence
January 23, 2024
LockBit Group Claims Ransomware Attack Against Southeast Asian Bank
On May 8, the LockBit ransomware group claimed an attack against a major state-owned bank in Southeast Asia.
Cyber Threat Intelligence
January 23, 2024
Ransomware Affiliates Exploit Recently-Discovered PaperCut Vulnerability
On April 26, security researchers announced the discovery of CVE-2023-27350 and CVE-2023-27351, vulnerabilities in the PaperCut print management software solution.
Cyber Threat Intelligence
January 22, 2024
Investigation into Breached Australian Organizations
In mid-March, two Australian financial and professional services firms reported data breaches. These followed a series of cyber incidents affecting large Australian firms throughout 2022 and early 2023. As a result, some reporting on the incidents presented them as indications of systematic shortcomings in the country’s cyber defenses.
Cyber Threat Intelligence
January 22, 2024
Investigation into Last Month’s Royal Ransomware Attack Against a City Government
On May 1, local media reported that a city government had suffered a disruption resulting from an attack claimed by the Royal ransomware group.
Cyber Threat Intelligence
Public Sector
January 22, 2024
LockBit Ransomware Group Claims Attack Against Prominent Taiwanese Semiconductor Firm
On June 29, the LockBit ransomware group added an entry for a major semiconductor manufacturer to its data leak site.
Attack Surface Management
Cyber Insurance
Cyber Threat Intelligence
January 22, 2024
SecurityScorecard Identifies Possible Flax Typhoon Infrastructure
On August 24, Microsoft published its analysis of espionage activity it attributes to a new threat actor group tracked as Flax Typhoon, which it assesses to act on behalf of the People’s Republic of China.
Cyber Threat Intelligence
January 22, 2024
Cyber Risk Intelligence Update: STRIKE Team Investigation Identifies Possible Flax Typhoon Links to Higher Education
Following Microsoft’s identification of Flax Typhoon, a new threat actor group believed to conduct espionage on behalf of the People’s Republic of China (PRC), the STRIKE Team used SecurityScorecard’s data to investigate the IoCs Microsoft supplied in its report. This investigation yielded a collection of new IP addresses featuring the same TLS certificates that Microsoft linked to Flax Typhoon.
Cyber Threat Intelligence
Public Sector
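The Flax Typhoon investigation above pivots from published IoC IPs to new hosts that present the same TLS certificate. The following is an added example of that pivot, not SecurityScorecard’s tooling or data: the scan records, IP addresses and certificate fingerprints are constructed for illustration, and the prevalence cut-off is an assumed heuristic. The point it adds is the check a practitioner needs before treating a shared certificate as a link: a certificate seen on many unrelated hosts (a default appliance certificate, a CDN or hosting provider certificate) is not a useful pivot and should be dropped rather than reported.

```python
"""Certificate-fingerprint pivot over constructed TLS scan records.

Added example; the records, IPs and fingerprints below are invented and
are not SecurityScorecard data or Microsoft's Flax Typhoon IoCs.
"""
from collections import defaultdict

# Fingerprints are written the way scanners usually report them (SHA-256 over
# the DER-encoded leaf certificate). These values are invented placeholders.
FP_ACTOR_CERT = "sha256:a1b2c3d4e5f60001"      # cert tied to the seed IoCs
FP_SINGLE_HOST = "sha256:a1b2c3d4e5f60002"     # cert seen only on one seed IP
FP_APPLIANCE = "sha256:a1b2c3d4e5f60003"       # vendor default cert, widely shared
FP_UNRELATED = "sha256:a1b2c3d4e5f60004"       # cert on a host with no seed link

# Constructed scan records: one row per (ip, port) observed serving TLS.
SCAN_RECORDS = [
    {"ip": "203.0.113.10", "port": 443, "fp": FP_ACTOR_CERT, "subject": "CN=update-srv"},
    {"ip": "198.51.100.5", "port": 443, "fp": FP_ACTOR_CERT, "subject": "CN=update-srv"},
    {"ip": "198.51.100.6", "port": 8443, "fp": FP_ACTOR_CERT, "subject": "CN=update-srv"},
    {"ip": "203.0.113.11", "port": 443, "fp": FP_SINGLE_HOST, "subject": "CN=mail"},
    {"ip": "203.0.113.11", "port": 8443, "fp": FP_APPLIANCE, "subject": "CN=router"},
    {"ip": "192.0.2.77", "port": 443, "fp": FP_UNRELATED, "subject": "CN=shop"},
]
# Eight more hosts carrying the same default appliance certificate, to show the
# prevalence filter discarding a cert that would otherwise produce false links.
for i in range(8):
    SCAN_RECORDS.append(
        {"ip": f"192.0.2.{100 + i}", "port": 8443, "fp": FP_APPLIANCE, "subject": "CN=router"}
    )

# Seed IoCs: the IPs an external report already attributed to the actor (invented).
SEED_IPS = {"203.0.113.10", "203.0.113.11"}


def pivot_on_certificates(records, seed_ips, max_prevalence=5):
    """Return (links, dropped).

    links:   {fingerprint: sorted list of IPs not in seed_ips} for every
             certificate observed on at least one seed IP.
    dropped: fingerprints seen on more than max_prevalence distinct IPs; a
             certificate that common is treated as shared infrastructure or a
             vendor default, not as actor-specific, so it is not used to pivot.
    """
    ips_by_fp = defaultdict(set)
    for rec in records:
        ips_by_fp[rec["fp"]].add(rec["ip"])

    seed_fps = {rec["fp"] for rec in records if rec["ip"] in seed_ips}

    links, dropped = {}, []
    for fp in sorted(seed_fps):
        hosts = ips_by_fp[fp]
        if len(hosts) > max_prevalence:
            dropped.append(fp)
            continue
        new_hosts = sorted(hosts - set(seed_ips))
        if new_hosts:  # a cert seen only on seed IPs yields nothing new
            links[fp] = new_hosts
    return links, dropped


if __name__ == "__main__":
    found, skipped = pivot_on_certificates(SCAN_RECORDS, SEED_IPS)
    for fp, hosts in found.items():
        print(f"{fp}: new hosts {', '.join(hosts)}")
    for fp in skipped:
        print(f"{fp}: skipped, too widely shared to be a reliable pivot")
```

Run as-is, the script reports the two new hosts sharing the actor certificate, says nothing about the certificate that only appears on a seed IP, and skips the appliance certificate because nine hosts carry it. In real use the records would come from a scanner's TLS dataset, `max_prevalence` would be tuned to that dataset, and each candidate host would still need corroboration (ports, banners, hosting, timing) before being added to an IoC list.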
January 22, 2024
Daixin Team Ransomware Group Claimed Airline Ransomware Attack
Executive Summary: An information security researcher reported on November 20 that the Daixin Team ransomware group had claimed that a recent attack against an airline had resulted in a breach exposing the personal data of all airline employees and five million passengers. Following this report, the SecurityScorecard Threat Research,…
Cyber Threat Intelligence
Public Sector
January 22, 2024
Cyber Risk Intelligence: County Government Cyber Incident May Have Involved Social Engineering and Targeting of Vulnerable SSH Services
Executive Summary: A U.S. county government announced on September 11 that a recent cyber incident strongly resembling a ransomware attack had disrupted its online services. SecurityScorecard researchers identified evidence suggesting two possible (and not mutually exclusive) paths by which the threat actors may have accessed county systems: Two…
Cyber Threat Intelligence
Public Sector
January 22, 2024
Microsoft ProxyNotShell Zero Days
Prepared by: Rob Ames, Staff Threat Researcher, Jared M. Smith, Ph.D., Senior Director of Threat Research, Ryan Sherstobitoff, SVP of Threat Intelligence
January 15, 2024
Cyber Conflict And The Erosion Of Trust: Introducing the Cyber Resilience Scorecard
Our report explores the intricate dynamics between cyber threats, economic resilience, and the vital component of societal trust.
Cyber Threat Intelligence
January 12, 2024
Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has identified new infrastructure that appears to be linked to the threat actor group tracked as Volt Typhoon. Volt Typhoon is a state-sponsored group based in China that typically focuses on espionage and information gathering. Approximately 30% of the Cisco RV320/325 devices observed by SecurityScorecard in a 37-day period may have been compromised by Volt Typhoon.
Cyber Threat Intelligence
January 12, 2024
SecurityScorecard Validation Assessment Summary
Online found SecurityScorecard’s footprinting to be very accurate. Over the course of testing Online evaluated SecurityScorecard’s data for a total of 13 unique, unrelated, and randomly selected domains and found SecurityScorecard’s attribution process to have an accuracy of 95%. The accuracy for positively attributing IP Addresses was found to be 94% while for DNS Records it was found to be 100%.
January 10, 2024
North Korean State-Sponsored Cyber Attack: Unveiling the Intricacies of Threat Actor Group Andariel
This SecurityScorecard threat research sheds light on a significant cyber attack attributed to the North Korean state-sponsored actors known as Andariel, emphasizing the critical role that South Korea plays both as a target and as a source of infrastructure for these threat actors.
Cyber Threat Intelligence