Getting to the Crux (Ransomware) of the Matter
Huntress has spotted a new ransomware variant that goes by the name “Crux”. Threat actors behind the Crux incidents claim that the ransomware variant is…
Category: ThreatIntelligence-IncidentResponse
Information to Insights: Intrusion Analysis Methodology
When you’re performing intrusion analysis, it’s easy to get disoriented. There are usually hundreds of Windows event IDs to sort through, generated by potentially thousands…
How to Identify Recruiting Scams and How Huntress Fights Back
Recruitment scams are a serious and growing problem. In fact, I recently received two texts with “amazing opportunities” myself. Talk about annoying! A fraudulent recruiting…
Iranian-linked actors are engaging in disruptive attacks
In the wake of Operation Epic Fury, digital attacks have shifted from quiet espionage to a loud, coordinated campaign of economic and physical retaliation. In…
Iranian-linked actors are engaging in disruptive attacks
In the wake of Operation Epic Fury, digital attacks have shifted from quiet espionage to a loud, coordinated campaign of economic and physical retaliation. In…
What Hollywood Movies Get Right (and Wrong) About Hacking
Hollywood: home of some of the craziest, cringiest, out-of-this-world hacking scenes. Maybe it’s two characters in NCIS partnering up in a strange attempt at isolation (literally…
Moving up the Assemblyline: Exposing malicious code in browser extensions
Browser extensions are ubiquitous, offering users enhanced functionality and customization. However, they also represent a significant, often overlooked, attack surface. The very nature of extensions—small…
The Face of Penetration Testing is Changing: Announcing Metasploit Pro 5.0.0
The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer a…
Huntress for CMMC Compliance | Huntress
TL;DR: Visit huntress.com/cmmc for the latest information on how Huntress helps support our customers and partners on their CMMC journey In our Huntress Hub, you’ll find…
Kawabunga, Dude, You’ve Been Ransomed!
Huntress analysts recently observed an incident where a newer ransomware variant, KawaLocker (also known as KAWA4096) ransomware, was deployed. It’s not unusual for new ransomware…
Exposing Data Exfiltration: Detecting LOLBins, TTPs, and Ransomware Tactics
Huntress frequently sees data staging and exfiltration activity, particularly with ransomware threat actors. These threat actors will collect, stage, and exfiltrate data prior to file…
Cephalus Ransomware: Don’t Lose Your Head
In mid-August, we came across a ransomware variant called Cephalus in two separate incidents. Recently, we’ve seen a slew of newer ransomware families (like Crux…