HackDig : Dig high-quality web security articles

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

In late August 2020, we published an overview of DeathStalker’s profile and malicious activities, including their Janicab, Evilnum and PowerSing campaigns (PowerPepper was later documented in 2020). Notably, we exposed why we believe the threat actor may fit a group of mercenaries, offering hack-for-hire services, or acting as an information broker to
Published: 2022-08-10 06:25 | Tags: APT reports, Cryptocurrencies, Malware Descriptions, Malware Te

Andariel deploys DTrack and Maui ransomware

On July 7, 2022, CISA published an alert entitled “North Korean State-Sponsored Cyber Actors Use Maui Ransomware To Target the Healthcare and Public Health Sector,” related to a Stairwell report, “Maui Ransomware.” Later, the Department of Justice announced that they had effectively clawed back $500,000 in ransom payments to the
Published: 2022-08-09 06:25 | Tags: APT reports, Andariel, APT, Malware Descriptions, Malware Techno

Targeted attack on industrial enterprises and public institutions

In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military-industrial complex enterprises and public institutions in several countries. In the course of our research, we were able to identify over a dozen attacked organizations. The attack targeted industrial plants, design bureaus and research institutes, government agenc
Published: 2022-08-08 05:10 | Tags: APT reports, APT, Backdoor, Cyber espionage, Data theft, Malware

APT trends report Q2 2022

For five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research, and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They ar
Published: 2022-07-28 06:24 | Tags: APT reports, APT, Chinese-speaking cybercrime, Firmware, Lazarus

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges, and the slightest programming error has the potential to completely crash the victim machine. In our APT predictions for 2022, we noted
Published: 2022-07-25 06:24 | Tags: APT reports, Drivers, Firmware, Malware Descriptions, Malware Te

The SessionManager IIS backdoor

Following on from our earlier Owowa discovery, we continued to hunt for more backdoors potentially set up as malicious modules within IIS, a popular web server developed by Microsoft. And we didn’t come back empty-handed… In 2021, we noticed a trend among several threat actors for deploying a backdoor within IIS after exploiting one of the ProxyLogo
Published: 2022-06-30 05:09 | Tags: APT reports, APT, Backdoor, Malware Descriptions, Malware Techno

APT ToddyCat

ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call
Published: 2022-06-21 06:17 | Tags: APT reports, APT, Backdoor, Dropper, Encryption, Malware Descript

WinDealer dealing on the side

LuoYu is a lesser-known threat actor that has been active since 2008. It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors. In their initial disclosures on this threat actor,
Published: 2022-06-02 06:16 | Tags: APT reports, APT, Chinese-speaking cybercrime, Google Android, I

APT trends report Q1 2022

For five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research, and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They ar
Published: 2022-04-27 10:05 | Tags: APT reports, APT, Chinese-speaking cybercrime, Fileless malware

Lazarus Trojanized DeFi app for delivering malware

For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token (NFT) and decentralized finance (DeFi) businesses continues to swell, the Lazarus group’s targeting of the financial industry keeps evo
Published: 2022-03-31 10:04 | Tags: APT reports, Backdoor, Financial malware, Google Chrome, Lazarus

MoonBounce: the dark side of UEFI firmware

What happened? At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner, which has been integrated into Kaspersky products since the beginning of 2019. Further analysis showed that a single component within the inspected firmware image was modified by attackers in a way that allowed them to
Published: 2022-01-20 06:07 | Tags: APT reports, APT, Chinese-speaking cybercrime, Firmware, Malware

The BlueNoroff cryptocurrency hunt is still on

BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. It is a mysterious group with links to Lazarus and an unusual financial motivation for an APT. The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to t
Published: 2022-01-13 06:07 | Tags: APT reports, BlueNoroff, Cryptocurrencies, Data theft, Financial

ScarCruft surveilling North Korean defectors and human rights activists

The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor we first reported in 2016. ScarCruft is known to target North Korean defectors, journalists who cover North Korea-related news and government organizations related to the Korean Peninsula, among others. Recently, we were approached by a news organization with a r
Published: 2021-11-29 07:18 | Tags: APT reports, APT, Cybercrime, Google Android, Malware Descriptio

WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019

This February, during our hunting efforts for threat actors using VBS/VBA implants, we came across MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first-stage implant. The implant itself is a VBS script with functionality to collect system information and execute arbitrary code sent by the attackers on the infected machin
Published: 2021-11-29 06:05 | Tags: APT reports, APT, Cybercrime, Macros, Malicious spam, Microsoft E

APT trends report Q3 2021

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They
Published: 2021-10-26 08:45 | Tags: APT reports, APT, Chinese-speaking cybercrime, Cyber espionage
