Kelvin Security and Spectre, investigating possible relationships

Kelvin Security and Spectre, investigating possible relationships Introduction The Yarix Cyber Threat Intelligence Team (YCTI) has conducted an investigation that has discovered a possible relationship between the threat actor Kelvin Security with another threat actor called Spectre. This relations was identified through the discovery and analysis of an indicator found within an Italian governmental leak that was shared by a malicious actor....

BlueDuck: an(other) Infostealer Coveting Digital Marketing Agencies’ Facebook Business Accounts

Introduction In November 2023, the Yarix Cyber Threat Intelligence team (YCTI) intercepted a set of suspicious phishing emails addressed to digital marketing agencies that were impersonating different famous fashion brands. Through the analysis of these emails, we uncovered the activities of a Vietnamese cybercriminal group distributing a malicious python-based infostealer, tracked as BlueDuck, aimed to collect sensitive information from infected...

Citrix ADC – Unexpected Treasure

 TL;DR Setting secure rules for the RelayState parameter is a MUST when configuring Citrix Application Delivery Controller (ADC) and Citrix Gateway as SAML Service Provider, because an attacker can exploit a chain of three low-risk vulnerabilities to compromise victims’ accounts. By luring users to a malicious domain, attackers can steal session cookies and gain unauthorized access to the protected applications....

Rhysida – Ransomware Payload Analysis

RANSOMWARE GROUP DETAILS Ryhsida is a ransomware gang that became famous starting from May 2023 after being correlated to a series of high profile cyber attacks in west Europe, north an south America and Australia. The group seems to be linked with the known Threat Actor “Vice Society”. The team takes his name from a centipede species called Rhysida, this specific kind...