Company > Blog

News and views from the leading voice in secure digital transformation

Hero Panel Image
Security Research
Ransomware hacker
Ransomware
3 Min read

DoppelPaymer Continues to Cause Grief Through Rebranding

In early May 2021, DoppelPaymer ransomware activity dropped significantly. Although the DoppelPaymer leak site still remains online, there has not been a new victim post since May 6, 2021. In addition, no victim posts have been updated since the end of June. This lull is likely a reaction to the Colonial Pipeline ransomware attack which occurred on...
Joker Joking in Google Play
Insights and Research
8 Min read

Joker Joking in Google Play

Joker is one of the most prominent malware families targeting Android devices. Despite public awareness of this particular malware, it keeps finding its way into Google’s official application market by employing changes in its code, execution methods, or payload-retrieving techniques. This spyware is designed to steal SMS messages, contact lists, a...
office buildings
Zscaler Cloud Platform
2 Min read

IoT in the Enterprise Report: Empty Office Edition

It happened overnight for many enterprises. Bustling offices turned into desolate spaces--abandoning plants to die, snacks to go stale, and calendars to remain frozen in time. And like out of a movie, amidst the eerie quiet there was something still alive and buzzing with activity. Neglected in the buildings, set top boxes, digital signage, netw...
Spear Phishing attack
Insights and Research
7 Min read

Targeted Attack on Government Organizations Delivers Netwire RAT

The Zscaler ThreatLabz team has observed an interesting spear phishing campaign beginning July 2021 in which a threat actor is targeting a wide range of organizations in Pakistan. NetwiredRC is being used as the final payload in this attack campaign. The combination of spear phishing and the use of information stealing RAT indicates that this is no...
threats
Insights and Research
3 Min read

ThreatLabZ June 2021 Report: Deconstructing Kaseya Supply-Chain Attack and the Minebridge RAT Campaign

This post also appeared on the CXO REvolutionaries site. Read more here. With the petabytes of daily data transactions it secures, the Zscaler ThreatLabZ security research team has a unique view of the latest cybersecurity trends and, more importantly, threat activity. This month, we deconstructed the new Kaseya VSA supply-chain attack and took ...
supply chain ransomware attack
Insights and Research
5 Min read

Stop the Next Kaseya Attack

Watch the on-demand replay of the July 13th ThreatLabz webinar for a deep dive into the Kaseya attack and how to defend against it. While Americans were prepping for their long Fourth of July weekends, cybercriminals were preparing a widespread ransomware attack on businesses around the world using a vulnerability in the Kaseya VSA remote monit...
REvil ransomware attack
Insights and Research
8 Min read

Kaseya Supply Chain Ransomware Attack - Technical Analysis of the REvil Payload

On July 2, 2021, Kaseya, an IT Management software firm, disclosed a security incident impacting their on-premises version of Kaseya's Virtual System Administrator (VSA) software. Kaseya VSA is a cloud-based Managed Service Provider (MSP) platform that allows service providers to perform patch management, backups, and client monitoring for their cu...
Supply Chain Attack, Ransomware REvil
Insights and Research
3 Min read

Coverage Advisory for Kaseya VSA Supply-Chain Ransomware Attack

Background On July 2, 2021, Kaseya, an IT Management software firm, disclosed a security incident impacting their on-prem version of Kaseya VSA software. Kaseya VSA is a cloud-based MSP platform that allows service providers to perform patch management, backups, and client monitoring for their customers. As per Kaseya, the majority of their cust...
Minebridge RAT
Insights and Research
9 Min read

Demystifying the full attack chain of MineBridge RAT

Introduction In March 2021, threat actors started distributing MineBridge RAT with an updated distribution mechanism. Morphisec blogged about the partial attack chain of this new attack but they could not find the origin or initial stages of the attack chain. In May 2021, Zscaler ThreatLabz was able to uncover all the components of this compl...
Advisory For Email Based Attack From Nobelium
Insights and Research
2 Min read

Coverage Advisory For Email Based Attack From Nobelium

Background: On 27th May Microsoft released a blog on a very sophisticated attack conducted by the threat actor, named Nobelium. While it is believed that threat actor kept changing the initial attack vector multiple times in past few months, the latest technique of abusing mass email service to send spear phishing emails targeted approximately 3...

Explore More Topics