Threat Intelligence

Recently, our research team discovered an interesting post, on a Russian-language cybercrime forum, of a threat actor advertising a phishing toolkit. In the actor’s first post related to the phishing service, they were only selling monthly subscription packages. However, through a reliable source, we have gathered other details about this phishing campaign, including the tactics, techniques, and procedures (TTPs) used.

CloudSEK’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website.

Category: Vulnerability Intelligence Vulnerability Class: Server-Side Template Injection/RCE CVE ID: CVE-2022-22954 CVSS:3.0 Score: 9.8 Executive Summary CloudSEK’s Customer Threat Research Team analyzed remote code execution impacting Vmware products that include Workspace ONE Access and Identity Manager. The VMware Workspace ONE Access provides users faster access to SaaS, web, and native mobile apps with Multi-Factor […]

Email addresses and passwords of 6835 WHO employees resurface on Nulled. These credentials were also posted on Pastebin, last month.

DeepPaste user sends stock images to buyers, claims to have the vaccine for COVID-19, developed by Israel. The user takes advantage of anxious customers.

RansomHouse group has allegedly breached IPCA Laboratories. The incident took place on 3 September 2022, and the current status is under encryption with approximately 6000 views.

CloudSEK Threat Intelligence Advisory on T-RAT, uses Telegram as its Command & Control channel, capable of keylogging, screen capture, etc.

The leaked database contains blood group, mobile number, email ID, password, among other information pertinent to registered donors.