Threat Intelligence Archives

Threat Intelligence

Dark Halo Leverages SolarWinds Compromise to Breach Organizations

December 14, 2020

Damien Cash, Matthew Meltzer, Sean Koessel, Steven Adair, Tom Lancaster, and Volexity Threat Research

Volexity is releasing additional research and indicators associated with compromises impacting customers of the SolarWinds Orion software platform. Volexity has also published a guide for responding to the SolarWinds breach, […]

Threat Intelligence

OceanLotus: Extending Cyber Espionage Operations Through Fake Websites

November 6, 2020

Steven Adair, Tom Lancaster, and Volexity Threat Research

Since Volexity’s 2017 discovery that OceanLotus was behind a sophisticated massive digital surveillance campaign, the threat group has continued to evolve. In 2019, Volexity gave a presentation at RSA Conference […]

Threat Intelligence

Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant

April 21, 2020

Andrew Case, Dave Lassalle, Matthew Meltzer, Sean Koessel, Steven Adair, and Tom Lancaster

In September 2019, Volexity published Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs, which described a series of attacks against Uyghurs from multiple Chinese APT actors. The most notable threat […]

Threat Intelligence

Storm Cloud Unleashed: Tibetan Focus of Highly Targeted Fake Flash Campaign

March 31, 2020

Volexity Threat Research

Beginning in May 2019, Volexity started tracking a new series of strategic web compromises that have been used in highly targeted attacks against Tibetan individuals and organizations by a Chinese […]

Threat Intelligence

Microsoft Exchange Control Panel (ECP) Vulnerability CVE-2020-0688 Exploited

March 6, 2020

Volexity Threat Research

On February 11, 2020, as part of Patch Tuesday, Microsoft released cumulative updates and a service pack that addressed a remote code execution vulnerability found in Microsoft Exchange 2010, 2013, […]

Threat Intelligence

Vulnerable Private Networks: Corporate VPNs Exploited in the Wild

September 11, 2019

Sean Koessel and Steven Adair

The details of multiple, critical Pulse Secure SSL VPN vulnerabilities are well known; they were disclosed in detail by two security researchers as part of a talk at Black Hat […]

Threat Intelligence

Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs

September 2, 2019

Andrew Case, Matthew Meltzer, and Steven Adair

Over the last several years, numerous reports have emerged regarding the shocking treatment of Uyghurs, a Muslim minority ethnic group that makes up a large part of the Xinjiang Uyghur […]

Threat Intelligence

Sophisticated Phishing Campaign Targets Corporate Credentials

June 26, 2019

Volexity Threat Research

Volexity has been tracking a series of phishing campaigns focused on harvesting Microsoft Office 365 account credentials. While many commodity phishing kits are available to purchase containing Office 365 themes, […]

Threat Intelligence

Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)

November 8, 2018

Volexity Threat Research

If your organization is running an Internet-facing version of ColdFusion, you may want to take a close look at your server. Volexity recently observed active exploitation of a newly patched […]

Threat Intelligence

Magecart Strikes Again: Newegg in the Crosshairs

September 19, 2018

Volexity Threat Research

Volexity has conducted the following research in collaboration with RiskIQ. We will discuss the same incident from different perspectives. RiskIQ’s report of this activity can be seen here. In another […]