Cobalt Strike Beacon, Sophos, Phishing

Covert Delivery of Cobalt Strike Beacon via Sophos Phishing Website

Key Takeaways Overview Cyble Research & Intelligence Labs (CRIL) came across a typosquatted domain of Sophos, “sopbos[.]com”, using a VirusTotal search. The phishing site impersonates the installation of Sophos Home. The initial infection vector is unclear at this time as we could not trace how users would be directed to this phishing site. Based …


Python Stealer, Tartar, Russia

Tatar-Language Users in the Crosshairs of Python Screenshotter

Key Takeaways
• Cyble Research and Intelligence Labs (CRIL) came across Python malware capturing screenshots and sending them over FTP to remote attackers.
• Proofpoint has observed similar campaigns in the recent past targeting the United States and Germany, with the perpetrator tracked as “TA866”.
• This particular campaign targets Tatar language-speaking users who primarily reside in …
