Category: Reports & Threat Intel

Apex Report Header image Q1 2020

The Q1 2020 APEX™ Report

How did a group of criminals come to be responsible for such a costly enterprise? Threat actors are distributed, and they don’t form one cohesive group,  but the holes they’ve punched in organizations and governments through infiltration, compromises, and breaches have collectively amounted to this staggering estimate.

Phantom in the Command Shell

Prevailion’s Tailored Intelligence Team has detected two new criminal campaigns targeting the global financial industry with the EVILNUM malware, one of which became active on May 3rd 2020. We have dubbed these new operations “Phantom in the [Command] Shell”.

Image of Prevailion TA505 activity map - March 2019

Map of TA505 Activity Shows Global Foothold After Necurs Botnet Goes Dark

Just shy of a week after Microsoft squeezed cyber criminals out of the prolific Necurs botnet infrastructure, threat actors like TA505 still maintain a foothold on networks throughout the world. Findings from Prevailion’s compromise intelligence platform on Wednesday showed the IP addresses TA505 have actively infected around the globe. Prevailion’s Chief Data Scientist Nate Winslow […]

The Curious Case of the Criminal Curriculum Vitae

The Tailored Intelligence Team at Prevailion has detected a new campaign—at least a facet of which is currently active—dubbed The Curious Case of the Criminal Curriculum Vitae.

PHP’s Labyrinth – Weaponized WordPress Themes & Plugins

Prevailion’s Tailored Intelligence team has followed an active supply chain attack that has been ongoing since late 2017, we named this campaign “PHPs Labyrinth.”

The Triune Threat: MasterMana Returns

Prevailion’s Tailored Intelligence team has discovered new campaigns associated with the Gorgon Group, suspected Pakistani based actors, who previously operated the MasterMana botnet. While this group relied upon an amalgamation of multiple open-source and commercially available tools, they have proven themselves to be highly capable.

Copyright 2021 Prevailion, Inc. All rights reserved.    

Disclaimer: Gartner “Cool Vendors in Security Operations and Threat Intelligence,” Mitchell Schneider, Ruggero Contu, John Watts, Craig Lawson, October 13, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Disclaimer: The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.