North Korea APT(?) and recent Ryuk Ransomware attacks

Our Threat Intelligence team has been tracking the Emotet botnet throughout 2018. In our previous post we reported a large scale Emotet campaign focused on e-mail content exfiltration. Today, we review the evidence gathered from our Telltale Threat Intelligence Service, which suggests the involvement of Emotet as the delivery mechanism... »


Emotet Awakens With New Campaign of Mass Email Exfiltration

The Emotet malware family just raised the stakes by adding email exfiltration to its arsenal, thereby escalating its capabilities to cyber espionage. While it has recently made headlines for delivering ransomware payloads to United States infrastructure such as Water Utilities, Emotet has laid mostly dormant for the past month. In... »


Inside Look at Emotet's Global Victims and Malspam Qakbot Payloads

The Emotet botnet reputation precedes it; historically aggressive and malicious, today it has evolved and incorporated a number of advancements to create a more resilient botnet delivery system, nearly immune from takedown. Recently, US CERT reported that Emotet incidents (and its subsequent payload droppers) are affecting state, local, tribal, and... »


A Brief Look At North Korean Cryptography

With much attention lately over North Korea and its evolving cybersecurity capabilities, we thought to cover a somewhat related topic. A couple of years back, the North Korean Red Star OS was described at the Chaos Computer Club conference. Among other things, they described the watermarking mechanism used by the... »


Introducing Telltale and Addressing the Lingering Wannacry Threat

In light of the recent news circulating about sporadic WannaCry outbreaks, namely defense contractor Boeing and earlier last month Connecticut state agencies, as well as Honda, we think it important to provide further guidance on assessing ongoing and hidden dangers related to WannaCry outbreaks. To immediately begin reducing risk and... »