Category: Reports & Threat Intel

APEX™ Report Insight

Prevailion’s first APEX™ Report demonstrates its unique visibility into the top compromised industries. Prevailion is an evolved solution for an evolved threat. We believe the next generation of intelligence that will lead businesses into a new era of security is Compromise Intelligence. This report shows the active compromises that organizations are up against.  

TA 505 – Global Ransomware Criminals

Prevailion’s Tailored Intelligence Team has continued to follow an evolving threat actor group dubbed TA505 – a known cyber criminal organization that has likely been active since at least 2017, whose motives are speculated to be financial in nature. This group has been known to infect victims through business email compromise. Once a victim’s system is initially compromised, TA505 has been observed utilizing a wide variety of commercially available and custom remote access trojans. Upon gaining access, with a trojan in the network, they have been observed stealing sensitive financial data and in some cases deploying ransomware as recently as October of 2019.

Summer Mirage

The Tailored Intelligence Team at Prevailion has uncovered new aspects of sophisticated campaigns that we associate with high confidence to the Muddy Water threat actors. Security researchers, such as FireEye, have stated Muddy Water’ activity was tied to a group with an Iran-nexus. We have dubbed this campaign “Summer Mirage,” and we assess that it is a continuation of activity previously reported campaign called “BlackWater”.

Threat Summary: Operation BlockChain Gang; Advanced Exploits, Commodity Tools

The research team at Prevailion has detected and analyzed Linux and Windows remote-access trojans associated with the advanced threat actor known as “HydSeven.” This threat group initially maintained a relatively low profile through the use of bespoke commodity malware. However, they caught the attention of the information security community when performing a highly targeted spear-phishing operation in the summer of 2019.

MasterMana campaign infographic

MasterMana BotNet

The team at Prevailion has uncovered new details concerning “MasterMana Botnet,” an ongoing cyber-crime campaign that hits all of the cyber bingo buzzwords: business email compromise, backdoors, and cryptocurrency wallets. There are indications this operation — which targeted corporations around the world for less than the cost of a night at the baseball park — was still active as late as 24 September 2019.

Image of SSB phishing lure used to target victims - Word doc

Autumn Aperture Report

In what is assessed to be an expansion of a coordinated effort to target U.S.-based entities, an emerging and increasingly sophisticated campaign employing obscure file formats poses significant risk — and highlights the need for vigilance around third-party relations.

Copyright 2021 Prevailion, Inc. All rights reserved.    

Disclaimer: Gartner “Cool Vendors in Security Operations and Threat Intelligence,” Mitchell Schneider, Ruggero Contu, John Watts, Craig Lawson, October 13, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Disclaimer: The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.