Espionage activity targeting Asian governments, Webworm develops customized tools, and latest Noberus TTPs
Description
On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Alan Neville to discuss some of the recent blogs that the Symantec Threat Hunter team has published. We discuss a new wave of espionage activity targeting Asian governments by attackers who were formerly associated with the ShadowPad malware but who appear to have now adopted a new toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. We also examine the current activities of a group we call Webworm, which has developed customized versions of three older remote access Trojans (RATs), including Trochilus, Gh0st RAT, and 9002 RAT. We also discuss a blog we have published about the Noberus (aka BlackCat ) ransomware, and the recent tactics, tools, and procedures we have seen deployed alongside that ransomware recently.
On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the Symantec Threat Hunter Team’s latest blog detailing a recent campaign by the Billbug espionage group, in which it targeted a certificate authority and multiple government agencies in various countries in Asia. We...
Published 11/17/22
On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss two recent Symantec blogs, including one detailing the new Exbyte data exfiltration tool, which is being used by at least one affiliate of the BlackByte ransomware gang. We also discuss our blog about a group called...
Published 11/03/22