Threat Intel - Blackpoint Cyber

The details matter

Don’t let threats catch you unaware. Blackpoint’s expert team endeavors to collect and collate incoming threat intel, patches, and workarounds in one central location so you can see things unfold in real-time and know exactly how to respond.

Browse Blackpoint’s Threat Intel

BlackSuit Ransomware

Abyss Ransomware

Lynx Ransomware

SOC Insights: Pre-Ransomware Threats and Obfuscated PowerShell

DragonForce Ransomware

SOC Insights: Lumma Stealer and DarkGate Malware spanning over 772 incidents

Alphv Ransomware

A Deep Dive into Recent Obfuscated PowerShell, Zoho Assist, and NetSupport RAT Attacks

BianLian Ransomware

Akira Ransomware

Hunters International Ransomware

Mitigation Lessons from 598 Incident Responses: DarkGate Malware, LotL Techniques, and Rclone Attacks

Trojan Malware, Powershell Attacks, and Credential-Stealing

Scheduled Tasks, AnyDesk, and VPN Compromise

Rust-Based Ransomware is Advancing on MSPs

Greenshot, AnyDesk, TeamViewer, Classroom Spy Pro, ProcDump, and Mimikatz

Alert: Active Exploit of Critical SonicWall CVE via SSLVPN for Initial Access

Alert: New Critical Veeam CVEs Expose Backups to Ransomware Gangs

Azorult Stealer, AsyncRAT, and Trojan Malware

Qilin Ransomware

Ransomhub Ransomware

AsyncRAT, Lumma Stealer, and Ransomhub Ransomware

Modern Cyber Threat Intelligence Conversation with SecurityGuyTV

Raspberry Robin, ScreenConnect, AteraAgent, RDP, whoami, & SharpShares

Vanilla Tempest, Oyster Backdoor, NetSupport RAT, and Unknown Infostealers

SYS01 Stealer, Ratty Rat, and AsyncRAT

CrowdStrike BSOD Help, Advanced IP Scanner, TeamViewer, NetSupport RAT, and AsyncRAT

LuminousMoth, Tnega Malware, Advanced IP Scanner, RDP Abuse, and SolarMarker

Brute Ratel, Advanced IP Scanner, and NetSupport RAT

Beyond Phishing: Three More Ways Adversaries Complicate Initial Intrusion

Thought Leadership

AsyncRAT, NetSupport RAT, and VssAdmin Abuse for Shadow Copy Deletion

Potential BianLian Ransomware, TeamViewer, and BitLocker

Netscan.exe, Mimikatz, Angry IP Scanner, and RMM Tool Abuse

ChromeLoader, Malicious “Innovation Systems” Task, and RDP Abuse

MITRE ATT&CK T1091: Replication Through Removable Media

ChromeLoader, Telegram, RustDesk, and Tailscale

FIN7 Threat Group

NTLM Credential Theft and Gootloader

Devos Ransomware, RDP, and NetSupport RAT

Vidar Stealer

Sangria Tempest, SocGholish, and BITS Download

SocGholish Loader Malware

RATs, Malicious PC Hunter, AnyDesk Abuse, and Malicious PowerShell Scripts

FortiClient EMS, Ivanti, and Palo Alto

WebBrowserPassView, Process Hollowing, and LotL Tool Abuse

DarkGate, SolarMarker, and Malicious PowerShell Commands

Understanding Penetration Testing: Beyond Vulnerability Scans

Mimikatz, LaZagne, CredentialsFileView, Raspberry Robin, and Scheduled Tasks Abuse: The Blackpoint SOC’s Week in Review for April 4, 2024

FortiClientEMS Vulnerability, Akira Ransomware, and Gootloader: The Blackpoint SOC’s Week in Review for March 29, 2024

Vulnerable RMM Tools and Vulnerable Industries: Why Vigilance is Key

Annual Threat Report Webinar 2024

This Week in Review: AnyDesk, TeamViewer, QuickBooks, and IsErIk Malware

This Week in Review: Ligolo Tunneler, Neshta, Purple Fox, and More

Blackpoint Cyber Annual Threat Report 2024

This Week in Review: ScreenConnect “Updates,” Vidar Malware, & Malicious ZIP Files

Medusa and Midnight Blizzard: How Strong Passwords & MFA Still Help

Soc Insights 2-23-2024

This Week in Review: ScreenConnect, QuickBooks, Teamviewer, & More

Don’t arm the enemy. Safeguard your allies

Breaking Through the Screen

Don’t arm the enemy. Safeguard your allies.

Thought Leadership

ConnectWise ScreenConnect Vulnerabilities

ConnectWise ScreenConnect Vulnerabilities

Demystifying the Dark Web

RotM Ep 8

008: Shedding Light on the Dark Web

People & Culture

Blackpoint SOC Protects Against Recent AnyDesk Compromise

Mother of All breaches

The Mother of All Breaches…or Is It?

eBook mockup

The 5 Most Dominant Threat Actors of 2023

BlackCat Ransomware Group Taken Down, but Ransomware Threats Persist

APG Threat Digest

APG Threat Digest: 22nd Edition

Blackpoint’s 2024 Cyberthreat Predictions

APG Threat Digest

APG Threat Digest: 21st Edition

APG Threat Digest

APG Threat Digest: 20th Edition

APG Threat Digest

APG Threat Digest: 19th Edition

APG Threat Digest

APG Threat Digest: 18th Edition

Top Data Breaches in the Last Year Infographic Mockup

Top Data Breaches in the Last Year

People & Culture

APG Threat Digest

APG Threat Digest: 17th Edition

Case Study Mockup

Strengthening Google Workspace Security

APG Threat Digest

APG Threat Digest: 16th Edition

APG Threat Digest

APG Threat Digest: 15th Edition

ebook mockup

Top Five Cloud Security Threats

APG Threat Digest

APG Threat Digest: 14th Edition

Threat Intel - Scan with Caution: The Light and Dark Sides of QR Codes

Scan with Caution: The Light and Dark Sides of QR Codes

APG Threat Digest

APG Threat Digest: 13th Edition

APG Threat Intel: FIN8 Strikes Again

FIN8 Strikes Again: Advanced Tactics in Recent Cyber Assault

APG Threat Digest

APG Threat Digest: 12th Edition

Threat Intel: Patch It Up: WS_FTP Server's Unplanned Fixes

Patch It Up: WS_FTP Server’s Unplanned Fixes

Threat intel: Shedding Light on Cyberthreats: APT34's Menorah Malware

Shedding Light on Cyberthreats: APT34’s Menorah Malware

From Chrome to Everywhere: The Ever-Expanding CVE-2023-4863

APG Threat Intel:Unmasking Ransomed.vc: The New Kid on the Cyber Block

Unmasking Ransomed.vc: The New Kid on the Cyber Block

FBI and CISA Team Up to Combat Snatch Ransomware

When Vulnerabilities Collide: Juniper’s Critical Collision

Viva Las Vulnerabilities: MGM Hit by ALPHV Ransomware

Azure HDInsight Battles Against XSS Vulnerabilities

Top Threat Actor Tactics You Should Be Aware Of: Understanding Cyberthreats in the Digital Age

Thought Leadership

APG Threat Intel: Cisco ASA SSL VPN Appliances Under Fire

Cisco ASA SSL VPN Appliances Under Fire

APG Threat Intel

Unmasking the Acquired Key: Microsoft and Storm-0558’s Tale

Blackpoint Stops Microsoft Intune Abuse in Under One Minute Case Study

Blackpoint Stops Microsoft Intune Abuse in Under One Minute

Excel-lent Phishing Campaign with Agent Tesla Variant

Put on Your Cyber Gloves: BLISTER Loader Resurfaced

Okta’s Social Engineering Escalations

APG Threat Intel for August 31, 2023

MalDoc in PDF: The Word Doc and PDF Team Up

Qakbot’s Quack Attack Comes to an End

APG Threat Intel: Proxy Party of Peril: Malware and Proxy Team Up

Proxy Party of Peril: Malware and Proxy Team Up

China’s High-Stakes Cyber Shenanigans: Cert Theft & DLL Hijacking

Meet Rhysida: The ‘Helpful’ Cybersecurity Team with a Dark Side

Midnight Blizzard Mixes Up Microsoft 365

The SSM Agent’s Secret Identity: Unmasking the RAT Within

APG Threat Intel: Pebbles Aren't Alone

Pebbles Aren’t Alone: The Fruity Find Making Waves in Cybersecurity

Abusing the Microsoft “search”/”search-ms” URI Protocol

Adversary Pursuit Group Threat Intel

Nitrogen’s Malvertising Mayhem: When Ads Go Rogue!

APG Threat Intel: MikroTik Vulnerability

MikroTik Vulnerability Emerges from the Past

APG Threat Intel: Apple Combats Zero-Day Zero-Click Campaign

Apple Combats Zero-Day Zero-Click Campaign

APG Threat Intel : Redis on the Run

Redis on the Run: P2PInfect Worm Attacks

APG Threat Intel: Identity Crisis in the Cloud

Identity Crisis in the Cloud: Storm-0558 and the Forged Access Key

APG Threat Intel on July 21, 2023--FIN8's Latest Remix: Sardonic with Noberus

FIN8’s Latest Remix: Sardonic with Noberus

APG Threat Intel on July 20, 2023--WormGPT: The New Bait in Phishing and BEC Attacks

WormGPT: The New Bait in Phishing and BEC Attacks

Exploding Back into the Picture: TeamTNT Makes a Comeback

SocGholish: Haunting the Digital Realm for Over Five Years

APG Threat Intel: Zero day fireworks

Zero-Day Fireworks: Microsoft’s July Patch Party

A Glimpse at Ransomware Roundup: APG Explores the Latest Threat Actors and Variants

APG Threat Intel: Sign here, Malware there

Sign Here, Malware There: Forged Kernel-Mode Driver Signatures

Blackpoint Blog from APG: An Update on Moveit Vulnerability

An Update on the MOVEit Vulnerability

On Demand Webinar: Blackpoint Command Session 15

Blackpoint Command Session 15: Building a Threat-Informed Security Stack that Sells

Thought Leadership

Mockup of Blackpoint Cyber Detains Qakbot Information-Stealing Malware

Blackpoint Cyber Detains Qakbot Information-Stealing Malware

A Deep Dive Into the 3CXDesktopApp Security Vulnerability

Blackpoint Blog: 2023 Cyberthreats to Watch for

2023 Cyberthreats to Watch Out For

Laptop with window alert

With .one Foot in the Door

Tech Tuesday Blog Post: ChilieLocker's Chilling Mistakes

ChileLocker’s Chilling Mistakes

In the Chaos of Lorenz, APG sORted It Out

IT Tools, Infostealers, and Account Compromise On Demand Webinar

IT Tools, Infostealers, and Account Compromise – Blackpoint’s Threat Operations Year in Review

Thought Leadership

On-Demand Webinar: Nation States' Impact on Cyber Insurance

Nation States’ Impact on Cyber Insurance

Thought Leadership

Thumbnail for But is MFA Enough Webinar

But is MFA Enough? Unpacking Business Email Compromise

Unearthing Project Relic Whitepaper

Unearthing Project Relic

Thought Leadership

Blackpoint Responds to Business Email Compromise Case Study

Blackpoint Responds to Business Email Compromise

Ratting Out Arechclient2 Whitepaper

Ratting Out Arechclient2

Blackpoint Blog Post covering a summary of the Arechclient2 whitepaper

Blackpoint Overwatch: Executive Summary of Ratting Out Arechclient2

Emerging Threat Briefing On-Demand Webinar

Emerging Threat Briefing

The Unfair Fight Episode 16

Episode 16: Lessons Learned from Zero-Day Attacks with APG

Thought Leadership

Blackpoint Blog post from September 2022 about combatting industry myths with MDR intel

Combatting Industry Myths with MDR Intel

Thought Leadership

The Unfair Fight Episode 14

Episode 14: New Tactics and Techniques From the Bad Guys

Thought Leadership

Tech Tuesday Blog Post: Eye Spy – The Dangers of Legal Malware

Tech Tuesday: Eye Spy – The Dangers of Legal Malware

Blackpoint Cyber eBook: Four Security Time Bombs

It’s Great, Until It’s Not: Four Security Time Bombs

Blackpoint ReCON 2022 On-Demand

The Unfair Fight Podcast Episode 11

Episode 11: Password Spraying, Email Impersonation, and Disinformation with David Rushmer

Blackpoint Blog about top 5 Reasons you won't want to miss Blackpoint ReCON 2022

5 Reasons You Won’t Want to Miss ReCON 2022

The Unfair Fight podcast episode 7

Episode 07: Breaking Down HAFNIUM, Staying Curious, and Advice for Budding Security Professionals

Malware on Trial

Tech Tuesday Blog Post Tarrask-ing for Trouble

Tarrask-ing for Trouble

vulnerabilities uncovered in SonicWall SMA appliances

Vulnerabilities Uncovered in SonicWall SMA Appliances

apache log4j RCE vulnerability

Apache Log4j RCE Vulnerability

critical microsoft print spooler service vulnerability exposed

Critical Microsoft Print Spooler Service Vulnerability Exposed

zero-day exploit found in Kaseya VSA

Zero-Day Exploit Found in Kaseya VSA

Blackpoint blog ransomware attack shuts down critical US pipleline

Ransomware attack shuts down critical US pipeline

threat actors exploit SonicWall email security vulnerability

Threat Actors Exploit SonicWall Email Security Vulnerabilities

significant increase in cyber attacks targeting accounting firms

Significant Increase in Cyber Attacks Targeting Accounting Firms

HAFNIUM hackers attack microsoft exchange servers

HAFNIUM Hackers Attack Microsoft Exchange Servers using Multiple Zero-day Vulnerabilities

Blackpoint blog post about a Florida water treatment center being hacked

Florida Water Treatment Center Hacked

Blackpoint blog post about sonicwall hack

SonicWall Hacked Using Zero-day vulnerabilities in its VPN Products

FBI warns of increasing ragnar locker ransomware attacks

FBI Warns of Increasing Ragnar Locker Ransomware Attacks

password exposure for fortinet devices vulnerable to CVE-2018-13379

Password Exposure for Fortinet Devices Vulnerable to CVE-2018-13379

critical vulnerability for SonicWall VPN (CVE-2020-5135)

Critical Vulnerability for SonicWall VPN (CVE-2020-5135)

critical windows MS-NRPC exploit (CVE-2020-1472) zerologon

Critical Windows “MS-NRPC” Exploit ZeroLogon (CVE-2020-1472)

Blackpoint blog post about passwords being leaked for Enterprise VPN

Passwords leaked for Enterprise VPN (CVE-2019-11510)

Blackpoint blog post about critical Microsoft DNS server vulnerability

Critical Microsoft DNS Server Vulnerability (CVE-2020-1350)

Blackpoint blog post about the VMware center server security vulnerability

VMware vCenter Server Security Vulnerability (CVE-2020-3952)

Blackpoint blog post about the CISA warning of Nation-State attacks

CISA Warns of Nation-State Attacks – Are You Prepared?

Blackpoint blog post about WannaCry deja vu

WannaCry Déjà Vu

Blackpoint blog about spear phishing campaign stopped by Blackpoint MDR

Spear Phishing Campaign Stopped by Blackpoint MDR

Blackpoint blog post about the olympic destroyer hack and how we would have stopped it

Olympic Destroyer Hack: How We Would’ve Stopped It

Stay in the Know

They say that knowing is half the battle. Get regular updates on all the latest in cybersecurity including threat intel, new Blackpoint capabilities, upcoming events, and more.