HackDig : Dig high-quality web security articles for hackers

An overview of targeted attacks and APTs on Linux

Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there’s a widely held opinion that Linux is a secure-by-default operating system that isn’t susceptible to malicious code. It’s certainly tru
Publish At:2020-09-10 06:04 | Read:139 | Comments:0 | Tags:Featured Publications APT Cyber espionage Linux Targeted Att

IT threat evolution Q2 2020

IT threat evolution Q2 2020. PC statistics IT threat evolution Q2 2020. Mobile statistics Targeted attacks PhantomLance: hiding in plain sight In April, we reported the results of our investigation into a mobile spyware campaign that we call ‘PhantomLance’. The campaign involved a backdoor Trojan that the attackers distributed via dozens of apps
Publish At:2020-09-03 16:30 | Read:337 | Comments:0 | Tags:Featured Malware reports Backdoor Exploit Kits Malware Descr

Transparent Tribe: Evolution analysis, part 2

Background + Key findings Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian military and government personnel. This is the second of two artic
Publish At:2020-08-26 06:34 | Read:186 | Comments:0 | Tags:APT reports Featured APT Google Android Malware Descriptions

Lifting the veil on DeathStalker, a mercenary triumvirate

State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still aren’t likely to be a part of the risk model at most companies, nor should they be. Businesses today are faced with an arr
Publish At:2020-08-24 07:38 | Read:181 | Comments:0 | Tags:APT reports Featured Cybercrime Malware Descriptions Malware

Transparent Tribe: Evolution analysis, part 1

Background and key findings Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have periodically reported their activities through our APT threat intell
Publish At:2020-08-20 08:00 | Read:262 | Comments:0 | Tags:APT reports Featured APT Keyloggers Malware Descriptions Mal

CactusPete APT group’s updated Bisonal backdoor

CactusPete (also known as Karma Panda or Tonto Team) is an APT group that has been publicly known since at least 2013. Some of the group’s activities have been previously described in public by multiple sources. We have been investigating and privately reporting on this group’s activity for years as well. Historically, their activity has been foc
Publish At:2020-08-13 06:21 | Read:298 | Comments:0 | Tags:APT reports Featured Backdoor Data theft Malware Description

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Executive summary In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for
Publish At:2020-08-12 03:19 | Read:385 | Comments:0 | Tags:Featured Research Malware Technologies Microsoft Internet Ex

Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

By Marshall Chen, Loseway Lu, Yorkbing Yap, and Fyodor Yarochkin (Trend Micro Research) A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the
Publish At:2020-08-07 22:19 | Read:315 | Comments:0 | Tags:Cloud Targeted Attacks business email compromise credential

WastedLocker: technical analysis

The use of crypto-ransomware in targeted attacks has become an ordinary occurrence lately: new incidents are being reported every month, sometimes even more often. On July 23, Garmin, a major manufacturer of navigation equipment and smart devices, including smart watches and bracelets, experienced a massive service outage. As confirmed by an official stateme
Publish At:2020-07-31 07:08 | Read:250 | Comments:0 | Tags:Featured Malware descriptions Malware Descriptions Malware T

APT trends report Q2 2020

For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They
Publish At:2020-07-29 06:05 | Read:353 | Comments:0 | Tags:APT reports Featured APT Backdoor Chinese-speaking cybercrim

Lazarus on the hunt for big game

We may only be six months in, but there’s little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents and through discussions with some of our trusted indust
Publish At:2020-07-28 17:22 | Read:1212 | Comments:0 | Tags:APT reports Featured Botnets Cybercrime Lazarus Malware Desc

GReAT Ideas follow-up

On June 17, we hosted our first “GReAT Ideas. Powered by SAS” session, in which several experts from our Global Research and Analysis Team shared insights into APTs and threat actors, attribution, and hunting IoT threats. Here is a brief summary of the agenda from that webinar: Linking attacks to threat actors: case studies by Kurt Baumgartner T
Publish At:2020-07-15 06:12 | Read:337 | Comments:0 | Tags:Events Featured APT Cybercrime honeypot Internet of Things S

Microcin is here

In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. What initially attracted our attention was the enterprise-grade API-like (application programming interface) programming style. Such an approach is not that common in the malware world and is mostly used by top
Publish At:2020-06-19 07:29 | Read:437 | Comments:0 | Tags:APT reports Featured Malware Descriptions Malware Technologi

IT threat evolution Q1 2020

Targeted attacks and malware campaigns Operation AppleJeus: the sequel In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it marked the first time Lazarus had targeted macOS targets, with t
Publish At:2020-05-24 07:11 | Read:426 | Comments:0 | Tags:Featured Malware reports Apple iOS Apple MacOS APT Data leak

Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments

By Joey Chen (Threats Analyst) Tropic Trooper, a threat actor group that targets government, military, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong, has been active since 2011. The group was reportedly using spear-phishing emails with weaponized attachments to exploit known vulnerabilities. Primarily motivate
Publish At:2020-05-18 12:48 | Read:402 | Comments:0 | Tags:Malware Targeted Attacks cyberespionage KeyBoy military USB
