NeeRaj Singh

Recently I researched activity from some DPRK baddies called Andariel. The investigation involved 2 set of attacks, a staging server, some new RATs, and tools/TTPs - all attributable to Andariel. The report is now live: labs.withsecure.com/publications/a… #malware #andariel #dprk

'Tis the season to be talking about trends! Sharing his thoughts with @siliconrepublic, @WithSecure's Neeraj Singh (@_ginnare) tells us what he thinks we'll be seeing in cyber security in 2024 #cybersecurity #predictions withsecure.smh.re/2CW

A couple thoughts on ATT&CK Evaluations...yes, the marketing is ridiculous. I also hope the useful parts of these evaluations won't get completely lost in that. You can find a lot of insight on tools if you dive into the results. Here are some example questions to consider...

🧵 #DUCKTAIL has adapted their infection chain in a short span of time since our latest report was published. I have summarized their latest execution chain in the attached figure. In short:

1/3 I am happy to share the latest research I had been working on - "Meet the Ducks". We've witnessed an uptick of threat activity surrounding #Meta's ad ecosystem from Vietnam since early 2023 - some highlighted by us as well as other vendors & security researchers in the past.

NEW RESEARCH: In their latest report, @mkazemhn and @_ginnare dive into Vietnamese cyber crime targeting Meta Business accounts, with specific attention paid to DUCKTAIL & a new threat called DUCKPORT labs.withsecure.com/publications/m… #meettheducks #ducktail #duckport #CyberSecurity

Are language model "hallucinations" always useless? Might they be used to generate new research ideas? After all, some of the most interesting developments in machine learning have happened by chance. In this short thread, I'll present some findings on this topic. 1/10

NEW RESEARCH: WithSecure Labs publishes a report documenting the movement of SILKLOADER from Chinese cyber criminals to Russian #ransomware gangs, including CONTI and it’s various affiliates/offspring. Read the report here--> labs.withsecure.com/publications/s… #SILKLOADER #Cyberattack

Let's continue our ATT&CK misunderstandings series & discuss procedures. People sometimes assume ATT&CK is trying to cover every possible way a (sub-)technique can be done, but our procedures only cover what we've seen in public reporting tied to Groups, Software, or Campaigns.

NEW RESEARCH: WithSecure’s @r0zetta details several interesting prompt engineering tricks that could be used to creatively abuse GPT-3, forcing people to become even more skeptical about what they read>> labs.withsecure.com/publications/c… #AI #GPT3 #MachineLearning #cybersecurity #infosec

NEWS: DUCKTAIL, a Vietnam-based cyber crime group discovered by WithSecure, has expanded and evolved their operations. Their attacks cost businesses hundreds of thousands of dollars. Read more in our new report >> labs.withsecure.com/publications/d… #cyberattacks #Ducktail #cybersecurity

SOC analysts and detection engineers who like to publicly write/talk about detection content should put out more about the false positives they usually have to deal with. I feel that false positives often suffer from what academics call the "Publication bias"

I love @MITREattack - but the ways some vendors operationalize it is misleading and often useless. 🧵

Dark Reading | Internet Searches Reveal Surprisingly Prevalent Ransomware stpmvt.com/3z5Abqd

@JAMESWT_MHT @malwrhunterteam @guelfoweb @sugimu_sec @pr0xylife @1ZRR4H @ffforward @StopMalvertisin @Arkbird_SOLG @0xToxin @verovaleros @struppigel This is the new variant of #ducktail, we have been investigating it since last week. Same behavior as the reported earlier here : f-secure.com/content/dam/la…

#Signed "CÔNG TY TNHH PDF SOFTWARE" "H:\Projects\VirutTest\GraphData\bin\Debug\net7.0\win-x64\native\GraphData.pdb" 👇👇👇 bazaar.abuse.ch/browse/tag/CON… H/T @malwrhunterteam

[1/5] Well as you know me there is no trash I would recommend -> I highly recommend to give a try and play with these newly released set of tools #GarbageMan made by @WithSecure. Works like charm for #NET analysis🙏🙌😍 Github:github.com/WithSecureLabs… Blog:labs.withsecure.com/tools/garbagem…

NEWS: WithSecure™ has discovered a new Infostealer Malware, dubbed “DUCKTAIL” which can hijack Facebook Business accounts labs.withsecure.com/publications/d… #CyberAttack #cybersecurity #malware #Facebook

GarbageMan: for when you absolutely, positively have to find them #Formbook #IOCs in your .NET heap: labs.withsecure.com/tools/garbagem…

F-Secure reports the NRSMiner cryptocurrency miner, known to user EternalBlue to propagate inside networks, has updated to a newer version labsblog.f-secure.com/2019/01/03/nrs…