Another day, another breach. Although, this time, the victim is the Metropolitan Police Department in Washington D.C. and the breach was induced by double-extortion ransomware known as Babuk. The group behind the ransomware attack, the Babuk Ransomware Group, hosts a webpage of their leaks with their most recent addition being the DC Police. The original leak of information was … [Read more...]
Deobfuscating a Dropper for a ZLoader Trojan Variant
On March 18th, 2021, the DNSWatch Tailored Analysis Team received an email from an internal WatchGuard employee who deemed the email as suspicious. The initial email included an attachment with the title Attachment_57904. A DNSWatch Analyst performed an initial assessment of the file in search of any malicious indicators or behaviors only to discover that the file was a heavily … [Read more...]
Alleged Acer REvil Ransomware Infection Breaks Record with $50+ Million Demand
The REvil ransomware group has come to prominence recently by infecting networks around the world with ransomware and demanding large sums of money from their victims. The group commonly posts proof of their successful ransomware efforts on their blog, called Happy Blog, where one of their most recent victims, Acer, has appeared on the list. Acer has yet to confirm the … [Read more...]
Exchange Server Vulnerabilities Actively Exploited in the Wild
(Updated 03/10/2021 to include defensive tips) As the cybersecurity community continues to reel with the sweeping effects of the SolarWinds attack, the Microsoft Threat Intelligence Center (MSTIC) has released information about another widespread campaign targeting Exchange servers. It has been found that a state-sponsored threat actor operating out of China, which they are … [Read more...]
Catching a Rookie Mistake in a Facebook Phish
WatchGuard’s DNS-level protection and filtering service, DNSWatch, receives and processes numerous phishes every day. Many of these phishing attempts are monotonous and lack any unique qualities. However, periodically, the DNSWatch Tailored Analysis team triages a phishing attempt that stands out more than others. This short post will show a real-world phish that DNSWatch … [Read more...]