More ProxyShell? Web Shells Lead to ZeroLogon and Application Impersonation Attacks


FortiGuard Labs recently discovered a threat actor leveraging ProxyShell exploits using unreported techniques. Read more on the analysis of detected malicious DLLs in memory by recreating incidents in a lab environment.


The Affiliate’s Cookbook – A Firsthand Peek into the Operations and Tradecraft of Conti


FortiGuard Labs takes a detailed look at recently leaked documentation provided to criminal affiliates of the Ransomware-as-a-Service outfit Conti, including the support provided by this group. Learn about the operations and tradecraft of Conti.


Signed, Sealed, and Delivered – Signed XLL File Delivers Buer Loader


The FortiGuard Labs team discovered a malicious spam campaign using a social engineering lure to trick targets into opening a malicious Excel document which then contacts a remote server that downloads a malicious payload. Learn more in our analysis of the attack and infrastructure used.
