Summary Arctic Wolf Labs has identified and analyzed a new malware loader we’re calling Caminho, a Brazilian-origin Loader-as-a-Service (LaaS) operation employing Least Significant Bit (LSB)
Key Takeaways In late July 2025, Arctic Wolf® detected a surge of malicious activity targeting environments running SonicWall firewalls—a campaign that remains active at the
Executive Summary On 19 August 2025, the Arctic Wolf® Cybersecurity Operations Center (cSOC) uncovered and remediated a sophisticated delivery chain: a threat actor leveraged GitHub’s repository
Executive Summary A relatively new ransomware group, Interlock, has gained traction in 2025 as an opportunistic ransomware operator that leverages compromised websites and multi-stage social
Executive Summary The Arctic Wolf® Labs team has identified a new campaign by cyber-espionage group Dropping Elephant targeting Turkish defense contractors, specifically a manufacturer of
Summary A financially-motivated threat actor, active since early 2021, has been targeting Mexican organizations with custom packaged installers that deliver a modified version of AllaKore
Introduction In today’s interconnected world, the line between physical and digital domains is increasingly blurred, with geopolitical tensions often spilling over into cyberspace. Over the
Executive Summary The Arctic Wolf® Labs team has discovered that the cyber-espionage group UAC-0226, known for utilizing the infostealer GIFTEDCROOK, has significantly evolved its capabilities.
Takeaways Arctic Wolf® observed a recent campaign by the financially motivated threat group Venom Spider targeting hiring managers with spear-phishing emails. The group abuses legitimate
Takeaways Arctic Wolf® observed a recent campaign by the financially motivated threat group Venom Spider targeting hiring managers with spear-phishing emails. The group abuses legitimate
Executive Summary During routine monitoring of the cyber threat landscape in Southeast Asia, the Arctic Wolf Labs team came across a relatively recent Indonesian-based hacktivist
Key Takeaways Arctic Wolf observed a recent campaign affecting Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. The campaign involved unauthorized
Key Takeaways Cleo MFT products were exploited by threat actors to deploy a malicious PowerShell stager, culminating in the execution of a Java-based backdoor we
Key Takeaways Arctic Wolf has observed multiple intrusions across a variety of industries involving Palo Alto Network firewall devices. Affected devices triggered downloads over HTTP
Summary In early September, as part of the Arctic Wolf® Labs team’s continuous monitoring of cyber activities across the Indian subcontinent, we came across an
Key Takeaways Arctic Wolf has observed an influx of at least 30 Akira and Fog intrusions across a variety of industries since early August, each
Summary As part of our continuous threat hunting efforts, the Arctic Wolf® Labs team has discovered a new campaign by the nation-state threat actor known
Summary Beginning in early July 2024, Arctic Wolf responded to multiple SocGholish/FakeUpdate intrusions that resulted in a seemingly benign payload being delivered as a second-stage
Summary In June 2024, a threat group utilizing Akira ransomware was discovered targeting a Latin American airline. The threat actor initially accessed the network via
Summary On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed
Summary As part of our continuous hunting efforts across the Asia-Pacific region, the Arctic Wolf® Labs team discovered Pakistani-based advanced persistent threat group Transparent Tribe
Summary In late 2023, the Arctic Wolf® Labs team identified a spear-phishing campaign by threat group FIN7 that targeted a large automotive manufacturer based in
Threat actors looking to maximize the amount of money they can make and chaos they can cause have once again chosen the supply chain as
UPDATE: While the analyzed samples in this report were initially stated as iOS, they are actually Mach-O samples used in the macOS version of LightSpy.
Background Arctic Wolf Labs has been tracking two recent intrusions where threat actors leveraged a new Go-based malware downloader we are calling “CherryLoader” that allowed
Key Takeaways Arctic Wolf Labs has investigated several cases of Royal and Akira ransomware victims being targeted in follow-on extortion attacks starting in October 2023.
This article aims to share timely and relevant information about a rapidly developing campaign under investigation. We are publishing it as early as possible for
Summary On October 30, Israeli-based incident response company SecurityJoes posted findings about a new wiper malware for Linux systems used by pro-Hamas hacktivists in the
1 Summary 2 Ransomware Binary Analysis 2.1 Configuration Format 2.2 Encryption Management Routine 2.3 File Enumeration Routine 2.4 File Processing 2.5 Stopping Services 2.6 Encryption
Summary Arctic Wolf® has discovered a new campaign we’ve dubbed “Silent Skimmer,” involving a financially motivated threat actor targeting vulnerable online payment businesses in the