Threat Research

Ukraine Targeted by Dark Crystal RAT (DCRat)

FortiGuard Labs discovered an attack campaign using malicious Excel macros. Read more to find out how it works and the evasive tactics used to ultimately install Dark Crystal RAT onto a victim’s machine.

New Adobe Illustrator Patches Address Multiple Zero Day Vulnerabilities Discovered by FortiGuard Labs

FortiGuard Labs discovered and reported five zero-day vulnerabilities in Adobe Illustrator, and Adobe has already released a security patch that fixes them. Read our blog to learn more about patching these vulnerabilities.

By Yonghui Han June 21, 2022

Guidance On an Ongoing Hacktivist Operation #Opspatuk Conducted by The Malaysian Hacktivist Threat Group 'DragonForce' Against Indian Organizations

Fortinet is proactively monitoring the OpsPatuk events by the hacktivist group DragonForce and will provide updates as events develop. Read our blog for details about the operation and steps to take to mitigate cyber risk.

New IceXLoader 3.0 – Developers Warm Up to Nim

FortiGuard Labs discovered version 3.0 of IceXLoader, a new malware loader. Read our blog for the technical details of how it behaves and the potential malware that it can deliver in an infected system.

By Joie Salvio and Roy Tay June 15, 2022

Threat Actors Prey on Eager Travelers

With travel becoming more frequent, it is essential for travelers to understand that malicious actors are also eager to leverage travel as an opportunity to deliver malware. Read our blog to learn about a few examples of attacks that FortiGuard Labs recently discovered focused on travel lures.

CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE Vulnerability “Follina”

FortiGuard Labs researchers provide an analysis of CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE vulnerability “Follina.” Read to learn more about this critical vulnerability and how to take corrective action until Microsoft releases a patch.

Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part II

FortiGuard Labs discovered a phishing campaign delivering fileless malware AveMariaRAT, BitRAT, and PandoraHVNC to steal sensitive information from a victim’s device. Read part II of our analysis to find out more about the malware payload details and the control commands.

By Xiaopeng Zhang May 27, 2022

New Nokoyawa Variant Catching Up to Peers with Blatant Code Reuse

FortiGuard Labs discovered a new variant of the Nokoyawa ransomware and observed that it has been evolving by reusing code from publicly available sources. Read our blog to learn more about the behavior and new features which maximize the number of files that can be encrypted.

By Joie Salvio and Roy Tay May 23, 2022

Spoofed Saudi Purchase Order Drops GuLoader: Part 1

FortiGuard Labs recently discovered a social engineering email lure with a message delivered to a company in Ukraine. In part I of our blog, we will analyze the phishing email and provide an analysis of the embedded malware which contains an executable for GuLoader.

By James Slaughter May 23, 2022

Chaos Ransomware Variant Sides with Russia

FortiGuard Labs recently came across a variant of Chaos ransomware that appears to side with Russia. Read to find out more about the destructive outcome the variant brings to a compromised machine.

By Gergely Revay and Shunichi Imano May 17, 2022