en
GET A CONSULTATION
The Duck is Hiring in Italy: DUCKTAIL Spread via Compromised LinkedIn Profiles
The Duck is Hiring in Italy: DUCKTAIL Spread via Compromised LinkedIn Profiles
October 25, 2023

Cluster25 observed a malicious campaign that employs LinkedIn messages as a vector for executing identity theft attacks....

Read this article

CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations
October 12, 2023

Cluster25 observed and analyzed several phishing-based attacks to be linked to a Russia-nexus nation-State threat actor....

Read this article

The Fraud Gala: Exploring a Recent BEC Campaign
The Fraud Gala: Exploring a Recent BEC Campaign
August 25, 2023

In the modern digital era, businesses operate on a global scale, exchanging information, collaborating, and conducting f...

Read this article

Back in Black: BlackByte Ransomware returns with its New Technology (NT) version
Back in Black: BlackByte Ransomware returns with its New Technology (NT) version
May 22, 2023

BlackByte is a Ransomware-as-a-Service (RaaS) group that is known for the use of the homonymous malware that is constant...

Read this article

Cluster25 has become partner of DNS0 Project
Cluster25 has become partner of DNS0 Project
May 2, 2023

We are pleased to announce to have become a partner of the DNS0 Project, the European security-oriented DNS born to prot...

Read this article

Cluster25 joins the VirusTotal community
Cluster25 joins the VirusTotal community
March 16, 2023

We are proud to announce that Cluster25 has joined the VirusTotal community, improving its website/domain scanning engin...

Read this article

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy
December 22, 2022

Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to spre...

Read this article

Sanctioned deals: the Irano-Russian connection under Ankara's supervision. Analysis of the NPPD leak
Sanctioned deals: the Irano-Russian connection under Ankara's supervision. Analysis of the NPPD leak
November 7, 2022

On October 22nd, during the usual OSInt monitoring, Cluster25 detected the Farsi speaking hacktivist TA known as Black R...

Read this article

In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
September 23, 2022

Cluster25 researchers collected and analyzed a lure document used to implant a variant of Graphite malware, uniquely lin...

Read this article

Erbium InfoStealer Enters the Scene: Characteristics and Origins
Erbium InfoStealer Enters the Scene: Characteristics and Origins
September 15, 2022

On the 21st of July 2022 on a DWW (Deep/Dark Web) forum, a Russian speaking threat actor created an announcement about t...

Read this article

Prev 1 2 3 Next
Categories
Popular Posts
CVE-2023-38831 Exploited by Pro-R...
October 12, 2023
The Duck is Hiring in Italy: DUCK...
October 25, 2023
The Fraud Gala: Exploring a Recen...
August 25, 2023