Threat Intelligence September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. Explore the analysis.

Intelligence & Analytics July 28, 2023

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a…

Threat Intelligence April 27, 2023

Ex-Conti and FIN7 actors collaborate with new backdoor

15 min read - Former Conti syndicate and FIN7 members have collaborated to use a new backdoor dubbed "Minodo" to deliver the Project Nemesis infostealer. Explore the intricate nature of cooperation among cybercriminal groups and their members with in-depth analysis from IBM Security X-Force…

Security Services February 16, 2023

What are the duties of a malware analyst?

3 min read - Malware breaches begin in many ways. Recently, multiple fake antivirus apps in the Google Play Store were infected with malware. Earlier this year, malware deployed through satellites shut down modems in Ukraine. Destructive malware attacks have an average lifecycle of…

Malware September 1, 2022

Raspberry Robin and Dridex: Two birds of a feather

8 min read - IBM Security Managed Detection and Response (MDR) observations coupled with IBM Security X-Force malware research sheds additional light on the mysterious objectives of the operators behind the Raspberry Robin worm. Based on a comparative analysis between a downloaded Raspberry Robin…

Malware August 18, 2022

From Ramnit to Bumblebee (via NeverQuest): Similarities and code overlap shed light on relationships between malware developers

26 min read - A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan. This newly discovered connection is…

Threat Intelligence July 7, 2022

Unprecedented shift: The Trickbot group is systematically attacking Ukraine

13 min read - Following ongoing research our team, IBM Security X-Force has uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been systematically attacking Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine.…

Malware March 15, 2022

CaddyWiper: Third wiper malware targeting Ukrainian organizations

3 min read - On March 1, 2022, ESET reported a third destructive data wiper variant used in attacks against Ukrainian organizations dubbed as CaddyWiper. CaddyWiper’s method of destruction is by overwriting file data with “NULL” values. This is the fourth sample of malware…

Malware February 24, 2022

New destructive malware used In cyber attacks on Ukraine

8 min read - This post was written with contributions from IBM Security X-Force’s Anne Jobmann, Claire Zaboeva and Richard Emerson. February 25, 2022 Update On February 24 2022, Symantec Enterprise reported a ransomware dubbed as PartyTicket was deployed alongside the HermeticWiper malware. IBM…

Threat Intelligence December 15, 2021

Nation state threat group targets airline with Aclip backdoor

8 min read - IBM Security X-Force has observed a state-sponsored adversary using a new backdoor that utilizes Slack to attack airline organizations. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application likely to obfuscate operational communications, allowing malicious traffic,…