Type: Blogs

Abraham's Ax Likely Linked to Moses Staff

Both personas are likely operated by the Iranian COBALT SAPLING threat group.

Learn how CTU researchers observed similarities between the Moses Staff hacktivist group personal and the Abraham's Ax personal, suggesting they are likely operated by the same entity.

Type: Blogs

Drokbk Malware Uses GitHub as Dead Drop Resolver

A subgroup of the Iranian COBALT MIRAGE threat group leverages Drokbk for persistence.

A subgroup of the Iranian COBALT MIRAGE threat group leverages Drokbk for persistence.

A Winning Combination: Hardening, Early Threat Detection, and Rapid Response

How proactively hardening Active Directory and investing in the Taegis ManagedXDR service quickly contained a breach.

A story from the Secureworks® incident response (IR) trenches reveals how much work went into ensuring that "nothing bad happened" after a customer missed a patch on a web server.

2022 State of the Threat: A Year in Review

Ransomware, loaders, stealers, zero-day exploits, cyberwarfare, espionage: the cyber threats kept coming in 2022 – and threat actors are growing in skill and stealth.

Ransomware, loaders, stealers, zero-day exploits, cyberwarfare, espionage: the cyber threats kept coming in 2022 – and threat actors are growing in skill and stealth.

Opsec Mistakes Reveal COBALT MIRAGE Threat Actors

Artifacts exposed personas and companies associated with the Iranian threat group.

Artifacts exposed personas and companies associated with the Iranian threat group.

Type: Blogs

BRONZE PRESIDENT Targets Government Officials

The likely Chinese government-sponsored threat group uses decoy documents and PlugX malware to compromise targets.

The likely Chinese government-sponsored threat group uses decoy documents and PlugX malware to compromise targets.