Intelligence Center

Threat Research

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs. Learn More

DarkGate switches up its tactics with new payload, email templates

DarkGate has been observed distributing malware through Microsoft Teams and even via malvertising campaigns. Learn More

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called “CarnavalHeist.” Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. Learn More

Fortify Your Defense

Evolve your incident response with intelligence-led proactive services and deep expertise that only Talos can offer, before –and during– an active emergency. Anyone can stand behind you – Talos IR stands beside you, every step of the way.

Together, we can reduce downtime and mitigate risk. Get started today.

Learn More

Latest Talos Takes Podcast Episodes

June 21, 2024 | Ep. 188
Everything we know about denial-of-service attacks in 2024

You may think a DDoS attack is so early aughts. But some of the largest attacks of this type have occurred in just the past few years. Talos recently updated our advice for how to best mitigate and prepare for this threat, so Aliza Johnson from Talos' Threat Intelligence & Interdiction team joins the show this week to discuss her recent findings and hacktivists' trends around using this threat. 

June 14, 2024 | Ep. 187
The many shades of LilacSquid

Anna Bennett, one of Talos' threat hunters, joins the show this week to talk about one of her recent findings — the LilacSquid APT. This is a newly discovered threat actor that Talos found hiding on networks for months and years at a time, silently stealing sensitive information the entire time. Anna discusses LilacSquid's activities, potential motivations, and how they overlap with North Korean APTs. 

Why Cisco Talos?

Talos is Cisco's threat intelligence research organization, an elite group of security experts devoted to providing superior protection for our customers, products and services.

Our job is your defense.

Talos powers the Cisco portfolio with comprehensive intelligence.

Every customer environment, every event, every single day, all around the world.