Intelligence & Analytics September 1, 2022

Raspberry Robin and Dridex: Two Birds of a Feather

8 min read - IBM Security Managed Detection and Response (MDR) observations coupled with IBM Security X-Force malware research sheds additional light on the mysterious objectives of the operators behind the Raspberry Robin worm. Based on a comparative analysis between a downloaded Raspberry Robin…

Malware August 18, 2022

From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers

26 min read - A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan. This newly discovered connection is…

Intelligence & Analytics July 7, 2022

Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine

13 min read - Following ongoing research our team, IBM Security X-Force has uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been systematically attacking Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine.…

Malware March 15, 2022

CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations

3 min read - On March 1, 2022, ESET reported a third destructive data wiper variant used in attacks against Ukrainian organizations dubbed as CaddyWiper. CaddyWiper’s method of destruction is by overwriting file data with “NULL” values. This is the fourth sample of malware…

Malware February 24, 2022

New Destructive Malware Used In Cyber Attacks on Ukraine

8 min read - This post was written with contributions from IBM Security X-Force’s Anne Jobmann, Claire Zaboeva and Richard Emerson. February 25, 2022 Update On February 24 2022, Symantec Enterprise reported a ransomware dubbed as PartyTicket was deployed alongside the HermeticWiper malware. IBM…

Malware December 15, 2021

Nation State Threat Group Targets Airline with Aclip Backdoor

8 min read - IBM Security X-Force has observed a state-sponsored adversary using a new backdoor that utilizes Slack to attack airline organizations. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application likely to obfuscate operational communications, allowing malicious traffic,…

Advanced Threats May 14, 2020

X-Force IRIS Overcomes Broken Decryption Mechanism in Jest Ransomware

10 min read - IBM X-Force Incident Response and Intelligence Services (IRIS) recently helped a company fend off a ransomware attack by building a custom decryptor for a strain of ransomware known as "Jest."

Malware April 30, 2020

TrickBot Campaigns Targeting Users via Department of Labor FMLA Spam

4 min read - Recent analysis from IBM X-Force spam traps uncovered a new Trickbot campaign that currently targets email recipients with fake messages purporting to come from the U.S. Department of Labor.

Government April 27, 2020

SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT

5 min read - As the ongoing COVID-19 pandemic impacts small businesses in the U.S., cybercriminals are trusting that people will be more likely to open unsolicited emails purporting to come from relevant entities.

Endpoint April 21, 2020

New Android Banking Trojan Targets Spanish, Portuguese Speaking Users

6 min read - IBM X-Force recently analyzed a new Android banking Trojan dubbed "Banker.BR" that appears to be targeting users in Spain, Portugal, Brazil and other parts of Latin America.