Incidents

New Bagle active

A new Bagle variant is being spammed to users. We received over 40 letters from users with Bagle.at. Anti-virus databases have been updated and we are monitoring the situation.

Bagle.at is very similar to recent Bagle variants and also installs an email proxy server.

I-Worm.Bagle.at

