Fortgale

ℹ️ Uncovering a new variant of Guloader used to target Italian companies Fortgale has recently observed the deployment of a new variant of #Guloader malware in the wild. This #malware is particularly insidious as it is distributed as an attachment in malicious emails that simulate a request for quotation. To increase the realism and credibility of the attack, the senders compromised real Microsoft365 accounts. After deploying various payloads, the final stage of the attack culminates in the release of different #RemoteAccessTrojans (RATs) such as #RemcosRAT. As mentioned by other analysis, GuLoader is still being actively developed and thus frequently updated with changes in the structure and related infrastructure. The Command and Control (C2) servers contacted during the attack are located in #Italy and #Bulgaria. Notably, these servers were not previously associated with Guloader, indicating a continuous evolution of the Threat Actor's infrastructure. Part of the infrastructure is hosted on legit websites breached, making infrastructure hunting activities more complicated. Relevant Indicators of Compromise (IOCs): 🔴 91.92.242[.]245 🔴 91.92.250[.]172 Keep following us at fortgale.com

Excited to announce that we are sponsors of the upcoming #CyberSec2024 event in Rome! https://lnkd.in/d24qtfd8 As leaders in the Italian Cyber Defense industry, we are committed to advancing cybersecurity and fostering prolific collaborations with national and international actors. Learn more about how to protect corporate assets at https://fortgale.com

🎉Proud to share the latest achievement of our Cyber Threat Intelligence team! We thank Mandiant (now part of Google Cloud), for corroborating evidence on #UNC4990, an Italian threat which Fortgale publicly disclosed in this post (https://lnkd.in/dhvb5RMj) as #NebulaBroker back in 2023. You can find Mandiant's full report here: 🔸https://lnkd.in/gkKmbh_2 #BrokerLoader #Worm

Weekly Cyber Threats If you need to protect your company from the most recent #Cybercriminal tools, below we are reporting five observed over the last week: 🔴 #Get2 🔴 #Pupy 🔴 #Ursnif 🔴 #SocGholish 🔴 #PoshC2 Be sure to block these #malicious IP addresses on your #Firewall: ◼ 101.43.191[.]108 ◼ 47.104.28[.]38 ◼ 158.220.115[.]82 ◼ 59.110.15[.]143 ◼ 39.105.2[.]113 If you want to stay informed about the latest #ThreatActor and #Malware developments, keep following us! Happy hunting, and may you catch them all 🎯

🛡 While protecting our clients we encounter a lot of different Cyber Threats. We often deal with Infostealers, a specific type of malware designed to extract data and information from compromised devices. Today we are sharing a brief analysis conducted in October 2023 regarding StealC. ℹ To get access to the full version of the report, please reach out at [email protected] #Cybersecurity #Infostealer #MDR #StealC

📑Weekly Cyber Threats If you need to protect your company from the most recent #Cybercriminal tools, below we are reporting five observed over the last week: 🔴 #Havoc C2 🔴 #Evilginx 🔴 #SocGholish 🔴 #njRAT 🔴 #Deimos C2 Be sure to block these #malicious IP addresses on your #Firewall: ◼ 121.41.49[.]194 ◼ 158.220.115[.]82 ◼ 114.55.226[.]103 ◼ 121.41.17[.]125 ◼ 43.138.72[.]60 If you want to stay informed about the latest #ThreatActor and #Malware developments, keep following us! Happy hunting, and may you catch them all 🎯

📑Weekly Cyber Threats If you need to protect your company from the most recent #Cybercriminal tools, below we are reporting five observed over the last week: 🔴 Remcos 🔴 Havoc 🔴 WhiteSnake 🔴 IcedID 🔴 Metasploit Be sure to block these #malicious IP addresses on your #Firewall: ◼ 121.41.17[.]125 ◼ 45.56.105[.]235 ◼ 45.77.255[.]59 ◼ 94.156.64[.]124 ◼ 83.220.169[.]42 If you want to stay informed about the latest #ThreatActor and #Malware developments, keep following us: Fortgale Happy hunting, and may you catch them all 🎯

🍾 New Year, New Threats? While we get ready to face the new challenges that 2024 will bring, here are some insights of the #ThreatLandscape over the last three months of 2023. Be sure to block the following malicious IP addresses on your #Firewall. Both are related to the same #ThreatActor using #CobaltStrike: 🔴 85.209.276[.]30 🔴 185.196.8[.]246 Happy hunting, and may you catch them all! ⭕ More Info: FORTGALE

Cyber Threat Actors have different targets and goals, raging from beliefs to economic gain. Today we delve into those of PhishSurf Nebula (from our recent analysis) focusing on who and why is the victim of this criminal group. #PhishSurfNebula (PSN) has been targeting more than 60 companies aiming at exfiltrating valuable information. Examining the targeted sectors, 25% of the companies operate in the #Investment sector, encompassing various commodities and areas. #RealEstate companies constitute 15%, often specializing in the luxury sector, closely followed by those engaged in other #financial domains. #Legal entities comprise 10%, while the rest is distributed among #consultancy, #SolarEnergy, and other sectors. Geographically, 17% of the involved companies are in the #UK, followed by #Germany (10%), #France (7%), and #Denmark (7%). The rest are spread across #Europe, and a few are in the #US. 💡INSIGHTS: PSN targets companies in specific countries and sectors, underscoring the Threat Actor's precise intent to achieve pre-determined goals. It's crucial for the people in charge of keeping information safe, like #CISO and #ITdepartment, to stay informed about threats targeting their country or industry. This helps them stay updated and ready to handle targeted attacks effectively.

📑 Espionage activities targeting European businesses Today we are releasing our analysis of #PhishSurfNebula, an Advanced Cyber Espionage group operating since 2021. This group primarily targets #Banking, #Finance and #RealEstate sectors in Europe and North America, with a notable capability to bypass Multi-Factor Authentication (#MFA). We have been tracking its infrastructure for a while and we are sharing some useful insights for #CISO(s) and #ITC Departments. 📣 Read the full article: https://lnkd.in/dqXx8HDQ 📍 More on FORTGALE #PhishSurfNebula #Cybersecurity #ThreatActor