THREAT INTELLIGENCE 10/April/2024 Understanding Ransomware-as-a-Service operations from an affiliate’s perspective Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked
THREAT INTELLIGENCE 20/June/2023 Stooge Accounts: the final link in cybercrime money laundering in Brazil Investigation reveals the obscure trade in orange accounts: learn about the values, tactics and risks involved in this criminal practice used by fraudsters to receive money from financial fraud
THREAT INTELLIGENCE 15/February/2023 Use of Google Ads and SEO Poisoning for malware dissemination Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers
THREAT INTELLIGENCE 20/December/2022 New Chaes campaign uses Windows Management Instrumentation Command-Line Utility Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data
THREAT INTELLIGENCE 11/July/2022 Stealers, access sales and ransomware: supply chain and business models in cybercrime Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries
THREAT INTELLIGENCE 02/May/2022 Mekotio banking trojan identified in a new campaign against Brazilian account holders The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult
THREAT INTELLIGENCE 10/April/2024 Understanding Ransomware-as-a-Service operations from an affiliate’s perspective Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked
THREAT INTELLIGENCE 20/June/2023 Stooge Accounts: the final link in cybercrime money laundering in Brazil Investigation reveals the obscure trade in orange accounts: learn about the values, tactics and risks involved in this criminal practice used by fraudsters to receive money from financial fraud
THREAT INTELLIGENCE 15/February/2023 Use of Google Ads and SEO Poisoning for malware dissemination Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers
THREAT INTELLIGENCE 20/December/2022 New Chaes campaign uses Windows Management Instrumentation Command-Line Utility Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data
THREAT INTELLIGENCE 11/July/2022 Stealers, access sales and ransomware: supply chain and business models in cybercrime Although incidents arising from such activities happen mostly in the computational universe, their impacts are not restricted to the digital world, and can affect people, institutions, cities, or even countries
THREAT INTELLIGENCE 02/May/2022 Mekotio banking trojan identified in a new campaign against Brazilian account holders The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult
