menu

Contact Us

1 (800) 723-1166 |

malicious

Homemalicious
Homemalicious

MONSOON - Analysis Of An APT Campaign

MONSOON is the name given to the Forcepoint Security Labs™ investigation into an ongoing espionage campaign that the Special Investigations team have been tracking and analysing since May 2016. We have released our technical analysis in the form of a whitepaper. A download link is provided below.

Uncovering A Malicious Traffic Direction System (Blackhat-TDS)

Recently an actor has been using domains like realstatistics[.]info to direct users to exploit kits. These domains are injected as scripts into compromised websites, resulting in drive-by attacks on browsers. The domains are used as Traffic Direction Systems (TDS) which determine whether or not a target is of interest and should be sent to the malicious site or not.

Cerber Actor Distributing Malware Over E-mail Via WSF Files

Last week we tracked an interesting e-mail campaign that was distributing double zipped files with Windows Script Files (WSFs) inside. When executed, these WSFs downloaded the Cerber crypto-ransomware. Cerber has previously been seen distributed via exploit kits and over e-mail using DOC files with macros. This is the first time that we have seen Cerber distributed via the use of WSFs.