HackDig : Dig high-quality web security articles for hacker

REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography

by Joey Chen and MingYen Hsieh (Threat Analysts)

REDBALDKNIGHT, also known as BRONZE BUTLER and Tick, is a cyberespionage group known to target Japanese organizations such as government agencies (including defense) as well as those in biotechnology, electronics manufacturing, and industrial chemistry. Their campaigns employ the Daserf backdoor (detected by T
Publish At:2017-11-07 11:35 | Read:534 | Comments:0 | Tags:Malware Targeted Attacks Vulnerabilities BRONZE BUTLER Daser

ChessMaster’s New Strategy: Evolving Tools and Tactics

by MingYen Hsieh, CH Lei, and Kawabata Kohei

A few months ago, we covered the ChessMaster cyberespionage campaign, which leveraged a variety of toolsets and malware such as ChChes and remote access trojans like RedLeaves and PlugX to compromise its targets—primarily organizations in Japan. A few weeks ago, we observed new activity from ChessMaster, with nota
Publish At:2017-11-06 17:10 | Read:131 | Comments:0 | Tags:Bad Sites Targeted Attacks ChessMaster

Silence – a new Trojan attacking financial organizations

More information about the Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com

In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected organizations in Malaysia and Armenia. The attackers were using a kno
Publish At:2017-11-01 18:25 | Read:154 | Comments:0 | Tags:Featured Research Backdoor Dropper Financial malware Targete

Gaza Cybergang – updated activity in 2017:

1. Summary information

The Gaza cybergang is an Arabic-language, politically-motivated cybercriminal group, operating since 2012 and actively targeting the MENA (Middle East North Africa) region. The Gaza cybergang’s attacks have never slowed down and its typical targets include government entities/embassies, oil and gas, media/press, activists, politi
Publish At:2017-10-30 15:55 | Read:118 | Comments:0 | Tags:APT reports APT Arabic Malware Macros Mobile Malware Targete

Analyzing an exploit for CVE-2017-11826

The latest Patch Tuesday (17 October) brought patches for 62 vulnerabilities, including one that fixed CVE-2017-11826 – a critical zero-day vulnerability used to launch targeted attacks – in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX document that exploits CVE-2017-11826 in the Office Open XML pa
Publish At:2017-10-26 05:40 | Read:477 | Comments:0 | Tags:Research Microsoft Office Targeted Attacks Vulnerabilities a

Bad Rabbit ransomware

What happened?

On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit. It has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine. Here’s what a ransom message looks like for the unlucky victims:

What is Bad Rabbit?

Bad Rabbit is a previously unknown r
Publish At:2017-10-24 16:45 | Read:192 | Comments:0 | Tags:Featured Incidents drive-by attack Ransomware Targeted Attac

The Festive Complexities of SIGINT-Capable Threat Actors

To read the full paper and learn more about this, refer to “Walking in Your Enemy’s Shadow: When Fourth-Party Collection Becomes Attribution Hell”

Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt manipulation have proven enough for many researchers to shy away from the a
Publish At:2017-10-04 07:35 | Read:284 | Comments:0 | Tags:Events Featured Research APT Deception techniques Targeted A

A Modern Hypervisor as a Basis for a Sandbox

In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment (or vice versa), to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes, including an Android sandbox. In this article, we will look at just one of
Publish At:2017-09-19 11:40 | Read:221 | Comments:0 | Tags:Publications Antivirus Technologies Security technology Targ

An (un)documented Word feature abused by attackers

A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or any other active content. However, a close inspection revealed that they contained several links to PHP
Publish At:2017-09-18 17:05 | Read:202 | Comments:0 | Tags:Featured Research Microsoft Word Targeted Attacks Vulnerabil

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. Much of the contents of that report are reproduced here. WhiteBear is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private intelli
Publish At:2017-08-30 19:50 | Read:433 | Comments:0 | Tags:Featured Research APT Cyber espionage Targeted Attacks Turla

ShadowPad in corporate networks

ShadowPad, part 2: Technical Details (PDF)

In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Further investigation showed that the sour
Publish At:2017-08-15 14:15 | Read:709 | Comments:0 | Tags:Featured Research Backdoor DNS Software supply-chain attack

The return of Mamba ransomware

At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was carried out using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has resumed their attacks against corporations. Attack Geogra
Publish At:2017-08-09 10:25 | Read:434 | Comments:0 | Tags:Research Encryption Malware Descriptions Ransomware Targeted

APT Trends report Q2 2017

Introduction

Since 2014, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published research online for the general public in an effort to hel
Publish At:2017-08-08 10:30 | Read:321 | Comments:0 | Tags:Featured Quarterly Malware Reports APT ExPetr fileless malwa

How HTML Attachments and Phishing Are Used In BEC Attacks

Traditionally, BEC attacks have used keyloggers to steal saved account information from target machines. However, using an executable file as the attachment usually warns a user not to click it, since there is a high chance that the file is malicious. As a result, we’ve seen a trend wherein the attached files are no longer executable files but HTML pages: Fi
Publish At:2017-07-27 16:35 | Read:349 | Comments:0 | Tags:Social Targeted Attacks BEC HTML attachments phishing

ChessMaster Makes its Move: A Look into the Campaign’s Cyberespionage Arsenal

by Benson Sy, CH Lei, and Kawabata Kohei

From gathering intelligence, using the right social engineering lures, and exploiting vulnerabilities to laterally moving within the network, targeted attacks have multifarious tools at their disposal. And like in a game of chess, they are the set pieces that make up their modus operandi. Take for instance the self-na
Publish At:2017-07-27 08:10 | Read:392 | Comments:0 | Tags:Targeted Attacks APT10 ChChes ChessMaster EMDIVI menuPass
