Stef Rand (@techiestef)'s Twitter Profile
Senior Intelligence Analyst @RedCanary! Former DFIR @Mandiant, former @NetworkDefense intern. Psychology nerd. When I am not computering, I go outside and play!

ID: 1032665297793306625

Link: https://www.stefrand.com

Date: 23-08-2018 16:26:07

801 Tweets

1.1K Followers

445 Following

Deutsche Telekom CERT (@dtcert)

🚨 On February 26th and 27th Telekom Security and Bayern-CERT observed threat actor #TA577 phishing campaigns. This time the actor is not spreading malware, but apparently uses NTLMv2 handshakes to steal user credentials/hashes. 🧵1/7

Stef Rand (@techiestef)

TDR Day 🥳🎉 also means it’s Threat Sounds release day!!! Vol. 4 has dropped and it’s epic, y’all! 🔥 redcanary.com/threat-sounds/

Stef Rand (@techiestef)

I do not have words for how much this delights me. These loud little birds are one of my favorite things in the world. Look ye upon this glorious wrendering that captures their noisy bossy chaos. Absolutely wonderful, Sean Gallagher ⚡️🐀

Red Canary (@redcanary)

Tax season springs financially-themed phishing lures on users, and vulnerabilities continue to sprout up in this month’s edition of Intelligence Insights. redcanary.com/blog/intellige…

Red Canary (@redcanary)

Keeping up with threats and trends can feel like navigating a labyrinth in the dark. Stef Rand & Tony Lambert explore topics from our 2024 Threat Detection Report, including initial access tradecraft, cloud abuse, identity attacks, and more. 🎬 🍿 youtu.be/4HTd6boLPDc

Red Canary (@redcanary)

It's Koi phishing season! Red Canary Intel has been tracking an activity cluster that drops Koi Loader and a final payload of a .NET stealer. redcanary.com/blog/threat-in…

Red Canary (@redcanary)

This month's newcomers: 🏵️ Amber Albatross, which starts with a potentially unwanted program and ultimately leads to a pyInstaller executable with stealer capabilities 💸 dllFake, a malware family that primarily targets browsers and crypto wallets redcanary.com/blog/threat-in…

Red Canary (@redcanary)

Keep tabs on ChromeLoader and other browser-related threats in this month's edition of Intelligence Insights. redcanary.com/blog/threat-in…

Red Canary (@redcanary)

At the end of August 2024, Red Canary observed ransomware incidents that leveraged VPNs both as an initial access vector and to facilitate further access within organizations. redcanary.com/blog/threat-in…

Bill Tripp (@culturalfire)

Removal Complete! Salmon can now access much more cold water habitat and excellent spawning grounds… oregonlive.com/native-america…

Red Canary (@redcanary)

ChromeLoader and SocGholish remained our top threats in September, but a new technique stood out, tricking users into copying a PowerShell script, pasting it into Windows Run, and executing malicious code that leads to LummaC2: redcanary.com/blog/threat-in…

Red Canary (@redcanary)

📈 We've seen a spike in LummaC2 stealer activity over the last two months. Get detection guidance and more in this month's edition of Intelligence Insights. redcanary.com/blog/threat-in…

Red Canary (@redcanary)

HijackLoader—a newcomer to our monthly top 10 list—is fond of renaming executables, which presents a detection opportunity. Learn more in this month's edition of Intelligence Insights. redcanary.com/blog/threat-in…

Stef Rand (@techiestef)

Exciting update to our blog! As part of our ongoing research we identified some public Github repos being leveraged that, I'm happy to say, are no longer active! More details--plus some IOCs for still-active sites--in the update.

Red Canary (@redcanary)

🆕 Two emerging threats make their debuts in our top 10 list: Infrared Ibis and Saffron Starling. Get detection opportunities and more in this month's edition of Intelligence Insights. redcanary.com/blog/threat-in…

Red Canary (@redcanary)

📣 The 2025 Threat Detection Report is here! Dive into our analysis of 93,000 threats our customers' security controls missed, with actionable guidance on every page. Read the ungated report here: redcanary.com/threat-detecti…

Red Canary (@redcanary)

📈 After ranking first for the whole year in our newly released Threat Detection Report, SocGholish takes the number one spot in our 10 top threat list for the month as well. Learn more about fake browser updates and worms in this month's edition of Intelligence Insights.