minute read
Authors
We have decided to change the alert for Nyxem.e from red (severe risk) to green (informational).
There are still probably quite a few infected machines out there. However, as the destructive payload will only activate when a machine is (re)booted on the 3rd of each month, the direct danger is gone, for now.
Authors
From the same authors
In the same category
An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.
This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.
While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.
GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.
The hottest research right in your inbox
Nyxem.e status to green