CYFIRMA Research CYFIRMA

India's Loksabha Elections 2024 hold immense significance, not only for the nation but also for the global democratic landscape. The scale and complexity of the electoral process make it susceptible to cyberattacks, especially with the proliferation of generative AI and deepfake technologies.Link to the Research Report: The Indian Election : The Grandest Spectacle of Democracy under AI Threat - CYFIRMA #Geopolitics #Cyfirmaresearch #ThreatIntelligence #cybersecurity #ETLM&...

Stay informed about the latest developments in cybersecurity with CYFIRMA's April 2024 Ransomware Report. This edition highlights a shift in the ransomware landscape, with Hunter group now dominating while LockBit's influence declined. The manufacturing sector emerges as a prime target globally, with the USA, Canada, the UK, Germany, and Brazil experiencing significant impacts.The report underscores the evolving tactics of ransomware groups, including rebranding efforts by HelloKitty and the ...

CYFIRMA’s Research team embarked on a mission to uncover a targeted attack on Indian defense personnel via WhatsApp Messenger. Suspected to originate from Pakistan, the threat actor deployed malicious Android apps disguised as "MNS NH Contact" and "Posted out off," aiming to gain unauthorized access to sensitive information.Our Investigation revealed the use of sophisticated social engineering tactics, with malicious apps designed to exploit vulnerabilities and evade detection. Notably, the a...

Palo Alto Networks has uncovered CVE-2024-3400, a critical vulnerability exploited by threat actor 'UTA0218' in a sophisticated two-stage attack. This flaw allows unauthorized command execution on vulnerable PAN-OS devices via a backdoor mechanism.Adding to the urgency, CISA has promptly listed CVE-2024-3400 in its Known Exploited Vulnerabilities catalogue. The risk of data breaches is high, with reports of sensitive data for sale on underground forums. Stay vigilant and safeguardyour digital...

At CYFIRMA, we provide timely insights into prevalent threats and malicious tactics affecting organizations and individuals. Our research team have identified an open directory listing URLs containing highly obfuscated malicious Windows batch scripts in the wild, which executes a stealthy Monero (XMR) crypto miner as the final payload.This payload is unfolded after 5 stages of unpacking, with capabilities such as Anti analysis /debugging, privilege escalation, defense evasion, stealth executi...

Cyfirma research team discovered a new information stealer named Fletchen Stealer. It is a sophisticated information-stealing malware, offered by its creator as stealer-as-a-service for free that poses a significant threat to cybersecurity. A potent malware written in Rust which boasts advanced anti-analysis capabilities exhibits a high degree of resilience against detection and analysis. Its primary function is to steal sensitive data from compromised systems, including passwords, financial ...