The Ke3chang hacking group added a new malware dubbed Ketrum to its arsenal, it borrows portions of code and features from older backdoors. The Ke3chang hacking group (aka APT15, Vixen Panda, Playful Dragon, and Royal APT) has developed new malware dubbed Ketrum by borrowing parts of the source code and features from their older Ketrican and Okrum backdoo

UK Government will reduce the presence of the equipment manufactured by Chinese Huawei in its 5G network in the wake of the coronavirus outbreak. UK Government will reduce the presence of the equipment manufactured by the Chinese tech firm Huawei in its 5G network in the wake of the Coronavirus outbreak. Early this year, the UK Government agreed on the

Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to “aria-body” that we detected in 2017 and similarly reported in 2018. To supplement their research findings, we are summarizing and publishing portions of the findings reported in our June 2018 “Naikon’s New AR Backdoor De

Hackers launched spear-phishing attacks against organizations in the oil and gas industry sector spreading the Agent Tesla info-stealer malware. Crooks are targeting organizations in the oil and gas industry sector with targeted spearphishing campaigns impersonating shipment companies and engineering contractors. The attacks aim at infecting victims with

This week US President Donald Trump signed a bill that assigns $1 billion to small telecom providers for replacing equipment made by China’s Huawei and ZTE. US President Donald Trump continues its battle against the Chinese telco giants Huawei and ZTE, this week he has signed a bill that assigns $1 billion to small telecom providers for replacing equipmen

Experts from Cybaze/ Yoroi Zlab spotted a new sample of the Karkoff implant that was employed in past campaigns associated with Iran-linked APT34 group.Experts from Cybaze/ Yoroi Zlab spotted a new sample of the Karkoff implant that was employed in past campaigns associated with Iran-linked APT34 group. Introduction In November 2018, researchers from C

Austria’s foreign ministry announced that the cyber attack against its systems, allegedly carried by a state actor has ended. Earlier January, Austria’s foreign ministry announced it was facing a “serious cyberattack” and that it could be the work of a nation-state actor. “Due to the gravity and nature of the attack, it cannot be ruled out that

Japanese defense contractors Pasco and Kobe Steel have disclosed security breaches that they have suffered back in 2016 and 2018. Pasco is Japan’s largest geospatial provider and Kobe Steel is one of the major steel manufacturers. Just last week, Japan’s Ministry of Defense announced in addition to Mitsubishi Electric and the NEC defense business division

Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions 5G technology predictions 2020 Cyberthreats to financial institutions 2020: Overview and predictions Moving to the cloud The popularity of cloud services is growing, and threat actors are here to exploit the trend. We

RevengeHotels is a targeted cybercrime malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively, located in Brazil. We have confirmed more than 20 hotels that are victims of the group, located in eight states in Brazil, but also in other countries such as Argentina, Bolivia, Chile, Costa Rica, France, Italy, Me

Targeted attacks and malware campaigns Mobile espionage targeting the Middle East At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this

The 5G telecommunications revolution is imminent. It is the next generation of cellular network, making use of the existing 4G LTE in addition to opening up the millimeter wave band. 5G will be able to welcome more network-connected devices and increase speeds considerably for users. It will serve as the foundation for advanced services, including: 8k strea

In April 2017, ShadowBrokers published their well-known ‘Lost in Translation’ leak, which, among other things, contained an interesting script that checked for traces of other APTs in the compromised system. In 2018, we found an APT described as the 27th function of this script, which we call ‘DarkUniverse’. This APT was active for a

Targeted attacks and malware campaigns More about ShadowHammer In March, we published the results of our investigation into a sophisticated supply-chain attack involving the ASUS Live Update Utility, used to deliver BIOS, UEFI and software updates to ASUS laptops and desktops. The attackers added a backdoor to the utility and then distributed it to users thr

Russian cyber espionage group APT28 targeted individuals with spear-phishing messages using documents referencing a NATO cybersecurity conference. Researchers with Cisco Talos have spotted a Russian cyber espionage group targeting individuals with spear-phishing messages using documents referencing a NATO cybersecurity conference. Experts attributed the atta