Malware April 26, 2022

Hive0117 Continues Fileless Malware Delivery in Eastern Europe

4 min read - Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman. The…

Advanced Threats July 12, 2021

RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation

12 min read - In a recent collaboration to investigate a rise in malware infections featuring a commercial remote access trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in the first…

Advanced Threats July 7, 2021

Attacks on Operational Technology From IBM X-Force and Dragos Data

8 min read - Operational Technology Threats in 2021: Ransomware, Remote Access Trojans and Targeted Threat Groups Organizations with operational technology (OT) networks face many unique — and often complicated — considerations when it comes to cybersecurity threats. One of the main challenges facing…

Malware July 9, 2019

Taking Over the Overlay: Reconstructing a Brazilian Remote Access Trojan (RAT)

4 min read - IBM X-Force researchers detected, reverse engineered, reconstructed and simulated a Delphi-based Brazilian remote access Trojan.

Malware July 2, 2019

Taking Over the Overlay: What Triggers the AVLay Remote Access Trojan (RAT)?

8 min read - IBM X-Force researchers discovered, reverse engineered and reconstructed AVLay, a remote access Trojan that mixes DLL hijacking with a legitimate executable borrowed from various antivirus programs.

November 20, 2018

TA505 Threat Group Distributes Previously Undocumented tRat Remote Access Trojan

< 1 min read - Researchers observed the TA505 threat group spreading a previously undocumented remote access Trojan (RAT) called tRaT.

July 18, 2017

GhostCtrl Android RAT Demonstrates Spooky Range of Capabilities

2 min read - Security researchers recently uncovered a scary version of GhostCtrl, an Android RAT with advanced capabilities that can be very difficult to detect.

July 17, 2017

The Adwind Remote Access Tool Experiences a Resurgence

2 min read - A new report detailed how Adwind, a remote access tool, is surging in popularity and putting countless users at risk for cyberattack.

May 2, 2017

Malware Campaign Targets Crucial Business Data

2 min read - Organizations across a range of industries are being targeted in a sophisticated campaign that uses malware to put critical information at risk.

April 26, 2017

Stealthy Remote Access Trojan Resurfaces

2 min read - A remote access Trojan remained undetected for several years due to its unconventional operating methods. Here's what to know about the Cardinal RAT.