THREAT INTELLIGENCE 14/February/2025 Rise in the use of remote monitoring and management software in malicious campaigns Tempest researchers identify an increase in the use of RMM tools in campaigns targeting Brazil
THREAT INTELLIGENCE 10/February/2025 Gh0st RAT: malware active for 15 years is still used by threat operators Find out how an open source RAT developed in 2008 is still relevant and has become the basis for different variants present in the most diverse campaigns.
THREAT INTELLIGENCE 10/April/2024 Understanding Ransomware-as-a-Service operations from an affiliate’s perspective Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked
THREAT INTELLIGENCE 20/June/2023 Stooge Accounts: the final link in cybercrime money laundering in Brazil Investigation reveals the obscure trade in orange accounts: learn about the values, tactics and risks involved in this criminal practice used by fraudsters to receive money from financial fraud
THREAT INTELLIGENCE 15/February/2023 Use of Google Ads and SEO Poisoning for malware dissemination Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers
THREAT INTELLIGENCE 20/December/2022 New Chaes campaign uses Windows Management Instrumentation Command-Line Utility Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data
THREAT INTELLIGENCE 11/July/2022 Stealers, access sales and ransomware: supply chain and business models in cybercrime Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries
THREAT INTELLIGENCE 02/May/2022 Mekotio banking trojan identified in a new campaign against Brazilian account holders The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult
THREAT INTELLIGENCE 14/February/2025 Rise in the use of remote monitoring and management software in malicious campaigns Tempest researchers identify an increase in the use of RMM tools in campaigns targeting Brazil
THREAT INTELLIGENCE 10/February/2025 Gh0st RAT: malware active for 15 years is still used by threat operators Find out how an open source RAT developed in 2008 is still relevant and has become the basis for different variants present in the most diverse campaigns.
THREAT INTELLIGENCE 10/April/2024 Understanding Ransomware-as-a-Service operations from an affiliate’s perspective Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked
THREAT INTELLIGENCE 20/June/2023 Stooge Accounts: the final link in cybercrime money laundering in Brazil Investigation reveals the obscure trade in orange accounts: learn about the values, tactics and risks involved in this criminal practice used by fraudsters to receive money from financial fraud
THREAT INTELLIGENCE 15/February/2023 Use of Google Ads and SEO Poisoning for malware dissemination Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers
THREAT INTELLIGENCE 20/December/2022 New Chaes campaign uses Windows Management Instrumentation Command-Line Utility Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data
THREAT INTELLIGENCE 11/July/2022 Stealers, access sales and ransomware: supply chain and business models in cybercrime Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries
THREAT INTELLIGENCE 02/May/2022 Mekotio banking trojan identified in a new campaign against Brazilian account holders The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult
