Threat Research
Ukraine Targeted by Dark Crystal RAT (DCRat)
FortiGuard Labs discovered an attack campaign using malicious Excel macros. Read more to find out how it works and evasive tactics used to ultimately install Dark Crystal RAT onto a victim’s machine.
New Adobe Illustrator Patches Address Multiple Zero Day Vulnerabilities Discovered by FortiGuard Labs
FortiGuard Labs discovered and reported five zero-day vulnerabilities in Adobe Illustrator, which Adobe already released a security patch that fixed these vulnerabilities. Read our blog to learn more about patching these vulnerabilities.
Guidance On an Ongoing Hacktivist Operation #Opspatuk Conducted by The Malaysian Hacktivist Threat Group 'DragonForce' Against Indian Organizations
Fortinet is proactively monitoring the OpsPatuk events by the hacktivist group DragonForce and will provide updates as events develop. Read our blog for details about the operation and steps to take to mitigate cyber risk.
New IceXLoader 3.0 – Developers Warm Up to Nim
FortiGuard Labs discovered version 3.0 of IceXLoader, a new malware loader. Read our blog for the technical details of how it behaves and the potential malware that it can deliver in an infected system.
Threat Actors Prey on Eager Travelers
With travel becoming more frequent, it is essential for travelers to understand that malicious actors are also eager to leverage travel as an opportunity to deliver malware. Read our blog to learn about a few examples of attacks that FortiGuard Labs recently discovered focused on travel lures.
CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE Vulnerability “Follina”
FortiGuard Labs researchers provide an analysis of CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE vulnerability “Follina.” Read to learn more about this critical vulnerability and how to take corrective action until Microsoft releases a patch.
Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part II
FortiGuard Labs discovered a phishing campaign delivering fileless malware AveMariaRAT, BitRAT, and PandoraHVNC to steal sensitive information from a victim’s device. Read part II of our analysis to find out more about the malware payload details and the control commands.
New Nokoyawa Variant Catching Up to Peers with Blatant Code Reuse
FortiGuard Labs discovered a new variant of the Nokoyawa ransomware and observed that it has been evolving by reusing code from publicly available sources. Read our blog to learn more about the behavior and new features which maximize the number of files that can be encrypted.
Spoofed Saudi Purchase Order Drops GuLoader: Part 1
FortiGuard Labs recently discovered a social engineering email lure with a message delivered to a company in Ukraine. In part I of our blog, we will analyze the phishing email and provide an analysis of the embedded malware which contains an executable for GuLoader.
Chaos Ransomware Variant Sides with Russia
FortiGuard Labs recently came across a variant of Chaos ransomware that appears to side with Russia. Read to find out more about the destructive outcome the variant beings to a compromised machine.
