An Encounter With TA551/Shathak
May 18, 2021 2:00:00 PM / by Andrew Cook posted in DFIR, SecOps, Security, TA551, Shathak, Python, Malware
The Recon incident response team recently responded to a case of business email compromise. The incident spanned over seven months of potential dwell time, and included the unraveling of encrypted malware hidden in an image file. Our analysis attributed the incident to a threat group known as TA551/Shathak, known for stealing banking credentials.
Analysis Of Exploitation: CVE-2020-10189
Mar 25, 2020 1:39:00 PM / by Luke Rusten posted in DFIR, Incident Response, Forensics, SecOps, InfoSec, Defense, Malware, Exploit, CVE-2020-10189, Intel Sharing, Zoho, Vulnerability, ManageEngine
The Recon incident response team recently worked an intrusion case involving a ManageEngine Desktop Central server that was affected by CVE-2020-10189.
Analysis of Exploitation: CVE-2019-3396
May 20, 2019 3:22:00 PM / by Eric Capuano posted in DFIR, Incident Response, Forensics, Security, Malware, Exploit, Intel Sharing, Vulnerability
The Recon incident response team recently worked an intrusion case involving a Confluence web application server that was affected by CVE-2019-3396.
Macro Security for Enterprise Defenders
Oct 20, 2016 5:01:00 PM / by Eric Capuano posted in Defense, Malware, Macro
In my experience, one of the most prevalent and common threats to today’s enterprise networks comes in the form of malicious email attachments (shocker!). Attackers leverage document types that are most likely accessible to software installed on the victim endpoint, making Microsoft Office a prime target. Yes, in 2016, malicious macros are still a major problem.