Intelligence Center

Threat Research

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs. Learn More

DarkGate switches up its tactics with new payload, email templates

DarkGate has been observed distributing malware through Microsoft Teams and even via malvertising campaigns. Learn More

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called “CarnavalHeist.” Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. Learn More

Fortify Your Defense

Evolve your incident response with intelligence-led proactive services and deep expertise that only Talos can offer, before –and during– an active emergency. Anyone can stand behind you – Talos IR stands beside you, every step of the way.

Together, we can reduce downtime and mitigate risk. Get started today.

Learn More

Latest Talos Takes Podcast Episodes

June 14, 2024 | Ep. 187
The many shades of LilacSquid

Anna Bennett, one of Talos' threat hunters, joins the show this week to talk about one of her recent findings — the LilacSquid APT. This is a newly discovered threat actor that Talos found hiding on networks for months and years at a time, silently stealing sensitive information the entire time. Anna discusses LilacSquid's activities, potential motivations, and how they overlap with North Korean APTs. 

June 7, 2024 | Ep. 186
A mid-year checkin on Volt Typhoon

The Volt Typhoon threat actor is one of the longest-running cybersecurity storylines this year. The Chinese state-sponsored actor has already been accused of a range of attacks, specifically targeting critical infrastructure and U.S. military bases. Since it's been a few months without any new developments with this group, we thought it'd be a good idea to check in with Talos' Threat Intelligence and Interdiction team on what's going on with this actor, and if they're up to anything new. 

Why Cisco Talos?

Talos is Cisco's threat intelligence research organization, an elite group of security experts devoted to providing superior protection for our customers, products and services.

Our job is your defense.

Talos powers the Cisco portfolio with comprehensive intelligence.

Every customer environment, every event, every single day, all around the world.