Research & Threat Intel

June 2, 2022

Tales From the Honeypot: WatchDog Evolves With a New Multi-Stage Cryptojacking Attack

Summary Cado Labs’ honeypot infrastructure was recently compromised by a complex and multi-stage cryptojacking attack Although...

May 18, 2022

Linux Attack Techniques: Dynamic Linker Hijacking with LD Preload

Introduction Linux has long dominated the server computing landscape, and the rapid adoption of cloud technologies by organisations...

April 6, 2022

Cado Discovers Denonia: The First Malware Specifically Targeting Lambda

By Matt Muir, with thanks to Chris Doman, Al Carchrie and Paul Scott. Organisations – both large and small – are increasingly...

February 2, 2022

CoinStomp Malware Family Targets Asian Cloud Service Providers

Newly Discovered Malware Employs Anti-forensics & Anti-hardening Techniques Introduction Researchers at Cado Security...

January 20, 2022

Fallout from Log4Shell-related Vietnamese Cryptocurrency Exchange Attack: KYC Data for Sale on Dark Web

Introduction Since its discovery at the end of 2021, Log4Shell – a zero-day vulnerability affecting Apache’s Log4j...

January 10, 2022

Abcbot - An Evolution of Xanthe

Overview Abcbot, the emerging botnet that we recently analyzed and reported on, has a longer history than we first thought....

December 21, 2021

The Continued Evolution of Abcbot

A new version of a malicious shell script targeting insecure cloud instances running under Cloud Service Providers such as...

December 14, 2021

Analysis of Novel Khonsari Ransomware Deployed by the Log4Shell Vulnerability

By Matt Muir Overview As previously reported, a recently-discovered critical vulnerability (CVE-2021-44228) in Apache’s...

December 13, 2021

Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228

Introduction Log4J is an open-source logging platform running on Java and built-in to many web platforms. Public reports...

November 9, 2021

Cloud Malware Proliferation?

Recently VX Underground released a toolset they report is from the Conti and BlackMatter ransomware gang: As TeamTNT themselves...