Company > Blogs

News and views from the leading voice
in secure digital transformation

Hero Panel Image
Security Research
Malware campaign
Insights and Research
11 Min read

A look at HydroJiin campaign

Zscaler ThreatLabZ recently came across an interesting campaign involving multiple infostealer RAT families and miner malware. We’ve dubbed the campaign “HydroJiin” based on aliases used by the threat actor. The threat actor is in the business of selling malware, and lurks around in online forums that are common hangouts for neophyte to mid-level c...
Cover Image
Insights and Research
11 Min read

Android apps targeting JIO users in India

Introduction In March 2021, through Zscaler cloud we identified a few download requests for malicious Android applications which were hosted on sites crafted by the threat actor to social engineer users in India. This threat actor leverages latest events and news related to India as a social engineering theme in order to lure users to download a...
Ares malware
Insights and Research
17 Min read

Ares Malware: The Grandson of the Kronos Banking Trojan

Kronos is a banking trojan that first emerged in 2014 and marketed in underground forums as a crimeware kit to conduct credit card, identity theft, and wire fraud. In September 2018, a new Kronos variant named Osiris introduced several new features including TOR for command and control (C2) communications. The last update to Osiris appears to have ...
Cover image
Insights and Research
18 Min read

Low-volume multi-stage attack leveraging AzureEdge and Shopify CDNs

Introduction In Feb 2021, Threatlabz observed a few instances of a low-volume multi-stage web attack in Zscaler cloud. This web attack leveraged legitimate servers of Microsoft (azureedge.net), Dropbox and content delivery network of Shopify (cdn.shopify.com) to host the malicious files. The attack chain started from a Wordpress site with a c...
Zero day attack
Insights and Research
4 Min read

Disrupt the Microsoft Exchange Attacks with Zscaler Zero Trust Architecture

The recent Microsoft Exchange server attacks have reportedly impacted 30,000+ organizations in the United States and 100,000+ organizations globally. Originally attributed to the Chinese threat group HAFNIUM, other threat actors are now believed to be using this vulnerability to steal administrator passwords, write and execute files, and gain acces...
cyberattack
Insights and Research
6 Min read

Microsoft-Themed Phishing Attack Targets Executives Using Fake Google reCAPTCHA Technique

ThreatLabZ, the Zscaler threat research team, recently observed a new series of Microsoft-themed phishing attacks aimed at senior-level employees at multiple organizations. The Zscaler cloud has blocked over 2,500 of these phishing attempts over the last three months. The attack is notable for its targeted aim at senior business leaders with titles...
Zero-day Exploits Related to Microsoft Exchange Servers
Insights and Research
3 Min read

Coverage Advisory for Exploits Related to Microsoft Exchange Servers

Update [19-Mar-2021] Microsoft has released to GitHub the new Microsoft Exchange On-Premises Mitigation Tool and posted a blog with step-by-step instructions on how to use the tool. This is a free, one-click tool designed to help customers who have not yet applied the on-premises Exchange security update to temporarily protect their servers prio...
cover image
Insights and Research
10 Min read

Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures

Introduction In Jan 2021, Zscaler ThreatLabZ discovered new instances of the MINEBRIDGE remote-access Trojan (RAT) embedded in macro-based Word document files crafted to look like valid job resumes (CVs). Such lures are often used as social engineering schemes by threat actors. MINEBRIDGE buries itself into the vulnerable remote desktop ...
Distributing malware through chat services
Insights and Research
10 Min read

Discord CDN: A Popular Choice for Hosting Malicious Payloads

Introduction Since the onset of the pandemic, the internet has become a central part of our lives. People of all ages turned online for school and work, to stream videos, to play video games, have virtual get-togethers, shop, talk to their doctor, and engage in any number of other activities. During 2020, research showed a sharp increase in g...
botnet
Insights and Research
5 Min read

Did COVID Cancel Christmas for Cybercriminals?

ThreatLabZ, the security research team at Zscaler, is responsible for monitoring and tracking global cybercrime activity, which typically drops each year around the Russian Orthodox Christmas on January 7th. In most years, activity increases back to normal near the middle to end of January. However, in 2021, cybercrime activity did not exhibit this...

Explore More Topics