Research
Microsoft ProxyNotShell Zero Days
Prepared by: Rob Ames, Staff Threat Researcher, Jared M. Smith, Ph.D., Senior Director of Threat Research, Ryan Sherstobitoff, SVP of Threat Intelligence
Cyber Risk Intelligence: County Government Cyber Incident May Have Involved Social Engineering and Targeting of Vulnerable SSH Services
Dr. Rob Ames, Staff Threat Researcher
Cyber Threat Intelligence, Public Sector
Daixin Team Ransomware Group Claimed Airline Ransomware Attack
Cyber Threat Intelligence, Public Sector
Cyber Risk Intelligence Update: STRIKE Team Investigation Identifies Possible Flax Typhoon Links to Higher Education
Following Microsoft’s identification of Flax Typhoon, a new threat actor group believed to conduct espionage on behalf of the People’s Republic of China (PRC), the STRIKE Team used SecurityScorecard’s data to investigate the IoCs Microsoft supplied in its report. This investigation yielded a collection of new IP addresses featuring the same TLS certificates that Microsoft linked to Flax Typhoon.
Cyber Threat Intelligence, Public Sector
SecurityScorecard Identifies Possible Flax Typhoon Infrastructure
On August 24, Microsoft published its analysis of espionage activity it attributes to a new threat actor group tracked as Flax Typhoon, which it assesses to act on behalf of the People’s Republic of China.
Cyber Threat Intelligence
LockBit Ransomware Group Claims Attack Against Prominent Taiwanese Semiconductor Firm
On June 29, the LockBit ransomware group added an entry for a major semiconductor manufacturer to its data leak site.
Attack Surface Management, Cyber Insurance, Cyber Threat Intelligence, Supply Chain Cyber Risk
Investigation into Last Month’s Royal Ransomware Attack Against a City Government
On May 1, local media reported that a city government had suffered a disruption resulting from an attack claimed by the Royal ransomware group.
Cyber Threat Intelligence, Public Sector
Investigation into Breached Australian Organizations
In mid-March, two Australian financial and professional services firms reported data breaches. These were followed by a series of cyber incidents affecting large Australian firms throughout 2022 and early 2023. As a result, some reporting on the incidents presented them as indications of systematic shortcomings in the country’s cyber defenses.
Cyber Threat Intelligence
Ransomware Affiliates Exploit Recently-Discovered PaperCut Vulnerability
On April 26, security researchers announced the discovery of CVE-2023-27350 and CVE-2023-27351, vulnerabilities in the PaperCut print management software solution.
Cyber Threat Intelligence
LockBit Group Claims Ransomware Attack Against Southeast Asian Bank
On May 8, the LockBit ransomware group claimed an attack against a major state-owned bank in Southeast Asia.
Cyber Threat Intelligence
Cyber Risk Intelligence: Cold Storage and Logistics Disruption
On April 26, reports of a service disruption affecting a major cold storage and logistics firm surfaced.
Cyber Threat Intelligence
New APT29 – Attributed Phishing Activity Targets Diplomatic Services
On April 13, Poland’s Computer Emergency Response Team (CERT.PL) and Military Counterintelligence Service released a group of joint advisories regarding newly-observed espionage activity attributed to a Russia-linked threat actor group.
Cyber Threat Intelligence