
War Room

Shells From Above


Defense

Threat Hunting Win: Uncovering Multi-Stage Malware from RMM Abuse

June 5, 2025 By Ben McGavin

At RSM Defense, we embrace a proactive approach to cybersecurity. Instead of waiting for alerts to trigger a response, our Threat Hunting team regularly conducts hypothesis-driven investigations. These investigations are designed to uncover subtle threats hiding within behavior that might seem legitimate. In late May 2025, our proactive approach paid off when we uncovered an ...

Microsoft and HPE targeted by Cozy Bear in seemingly unrelated attacks

January 29, 2024 By Morgan Kennedy

Over the past week, Microsoft and Hewlett Packard Enterprise (HPE) disclosed successful campaigns against their organizations by the Russia-based threat actor Cozy Bear (aka Midnight Blizzard, aka APT29). Both campaigns successfully obtained access to emails at both companies, including emails belonging to senior leadership and cybersecurity positions. Neither Microsoft nor HPE ...

Intel Insights – Phishing with QR Codes

August 25, 2023 By Joel Belton

A large phishing campaign using QR codes has been detected targeting various industries, with the aim of acquiring Microsoft credentials. Researchers from the security firm Cofense observed the attacks against “a major Energy company based in the US.” The reported phishing campaign also targeted organizations in other industries, including finance, insurance, manufacturing, and ...

Rhysida Ransomware Attack on PMH and Connections to Vice Society Ransomware

August 11, 2023 By Joel Belton

On August 4th, 2023, Prospect Medical Holdings (PMH), the parent company of Eastern Connecticut Health Network and Waterbury Health, announced that all of its facilities were facing IT complications. Prospect Medical Holdings is the parent company of over 16 hospitals and 165 outpatient clinics in over 4 states (California, Connecticut, Pennsylvania, Rhode Island). It was later ...

STORM-0558 Utilizes Acquired MSA Keys to Forge Authentication Tokens Then Attack Outlook Exchange

July 28, 2023 By Joel Belton

On July 12, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA) (aa23-193a) detailing an attack on a Federal Civilian Executive Branch (FCEB) agency in June 2023. The attack was detected through anomalous activity observed within the Microsoft 365 (M365) audit logs. ...

AI Used in Scams: Faked Kidnapping

May 15, 2023 By Joel Belton

Jennifer DeStefano, the mother of a 15-year-old girl, received a disturbing phone call on January 20th, 2023, while taking her younger daughter, Aubrey, 13, to a dance rehearsal in Scottsdale, Arizona. The call's caller ID showed an “Unknown number”, yet a familiar voice was heard on the other end of the line. The voice belonged to her other teenager, Brianna ...

Intel Insights – USB Flash Drive Bombs Observed in Ecuador

March 24, 2023 By Joel Belton

RSM Defense Intelligence has observed claims and reports of Universal Serial Bus (USB) thumb drives, commonly called flash drives, being used as single-detonation bombs. One such example was in Ecuador. The device was mailed to a journalist and Ecuadorian television presenter, and functioned as an explosive after being plugged into the USB ...

Intel Insights – VMWare ESXi and ESXiArgs Ransomware

February 13, 2023 By Joel Belton

RSM Defense Intelligence has observed open-source reporting, as well as notifications from CISA (JCSA_AA23-039A), indicating that malicious actors are exploiting known vulnerabilities in VMware ESXi software to gain access to servers and deploy ESXiArgs ransomware. Vulnerabilities utilized by the malicious actors include CVE-2021-21974 (CVSS 8.8), CVE-2020-3992 (CVSS 9.8), ...

Intel Insights – ChatGPT: Good Angel or Bad Robot?

January 27, 2023 By Joel Belton

Since the rollout of OpenAI’s publicly accessible ChatGPT (Generative Pre-training Transformer) on November 30, 2022, ChatGPT has been subject to widespread attention on both the Clearnet and the “DarkWeb”. ChatGPT is based on the GPT architecture and was first released in 2019. Since then, it has undergone several updates and major changes. The GPT model was trained on a ...

Intel Insights – Emotet recommences email spam operations after five-month break

January 13, 2023 By Joel Belton

RSM Defense Analyst Notes: On November 2nd, 2022, Cryptolaemus researchers observed the Emotet malware operation spamming malicious emails after a nearly five-month period of little activity. The current campaign uses stolen email reply chains to distribute malicious Excel attachments. The attachments target users worldwide using various languages and file names, masquerading ...
