A tool to help organizations scan their Citrix ADC appliances for evidence of post-exploitation activity related to CVE-2023-3519.

We discuss SAIGON, banking malware most likely based on the source code of the v3 variant of Ursnif.

Tracking threat groups over time is an important tool to help defenders hunt for evil on networks and conduct effective incident response. Knowing how certain groups operate makes for an efficient investigation and assists in easily identifying threat actor activity.

FireEye Threat Intelligence identified a spear phishing email targeting government entities in Ukraine.

One of the main goals of evaluating a ransomware sample is to determine what kind of cryptography the sample uses, and that's exactly what we did for BLACKMATTER ransomware.

Zero-day exploitation of vulnerabilities beginning as early as December 2023 by a suspected espionage threat actor.

Additional techniques UNC3886 has utilized across multiple organizations to keep out of the sights of EDR solutions.

A suspected Chinese actor used a zero-day vulnerability in FortiOS and multiple custom malware families as part of an espionage campaign.

Our analysis of documents detailing previous Russian investments and considerations to scale cyber operations and capability development.

UNC4841 has continued to show sophistication and adaptability in response to Barracuda ESG zero-day remediation efforts.