HackDig : Dig high-quality web security articles for hackers

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Executive summary In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for
Publish At:2020-08-12 03:19 | Read:159 | Comments:0 | Tags:Featured Research Malware Technologies Microsoft Internet Ex

Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

By Marshall Chen, Loseway Lu, Yorkbing Yap, and Fyodor Yarochkin (Trend Micro Research) A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the
Publish At:2020-08-07 22:19 | Read:132 | Comments:0 | Tags:Cloud Targeted Attacks business email compromise credential

WastedLocker: technical analysis

The use of crypto-ransomware in targeted attacks has become an ordinary occurrence lately: new incidents are being reported every month, sometimes even more often. On July 23, Garmin, a major manufacturer of navigation equipment and smart devices, including smart watches and bracelets, experienced a massive service outage. As confirmed by an official stateme
Publish At:2020-07-31 07:08 | Read:79 | Comments:0 | Tags:Featured Malware descriptions Malware Descriptions Malware T

APT trends report Q2 2020

For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They
Publish At:2020-07-29 06:05 | Read:174 | Comments:0 | Tags:APT reports Featured APT Backdoor Chinese-speaking cybercrim

Lazarus on the hunt for big game

We may only be six months in, but there’s little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents and through discussions with some of our trusted indust
Publish At:2020-07-28 17:22 | Read:921 | Comments:0 | Tags:APT reports Featured Botnets Cybercrime Lazarus Malware Desc

GReAT Ideas follow-up

On June 17, we hosted our first “GReAT Ideas. Powered by SAS” session, in which several experts from our Global Research and Analysis Team shared insights into APTs and threat actors, attribution, and hunting IoT threats. Here is a brief summary of the agenda from that webinar: Linking attacks to threat actors: case studies by Kurt Baumgartner T
Publish At:2020-07-15 06:12 | Read:183 | Comments:0 | Tags:Events Featured APT Cybercrime honeypot Internet of Things S

Microcin is here

In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. What initially attracted our attention was the enterprise-grade API-like (application programming interface) programming style. Such an approach is not that common in the malware world and is mostly used by top
Publish At:2020-06-19 07:29 | Read:208 | Comments:0 | Tags:APT reports Featured Malware Descriptions Malware Technologi

IT threat evolution Q1 2020

Targeted attacks and malware campaigns Operation AppleJeus: the sequel In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it marked the first time Lazarus had targeted macOS targets, with t
Publish At:2020-05-24 07:11 | Read:232 | Comments:0 | Tags:Featured Malware reports Apple iOS Apple MacOS APT Data leak

Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments

By Joey Chen (Threats Analyst) Tropic Trooper, a threat actor group that targets government, military, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong, has been active since 2011. The group was reportedly using spear-phishing emails with weaponized attachments to exploit known vulnerabilities. Primarily motivate
Publish At:2020-05-18 12:48 | Read:246 | Comments:0 | Tags:Malware Targeted Attacks cyberespionage KeyBoy military USB

A look at the ATM/PoS malware landscape from 2017-2019

From remote administration and jackpotting, to malware sold on the Darknet, attacks against ATMs have a long and storied history.  And, much like other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year-to-year. So what does the ATM landscape look like as of 2020? Let’s take a look. The world of ATM/P
Publish At:2020-05-03 08:09 | Read:416 | Comments:0 | Tags:Featured Malware reports ATM attacks Financial malware Malwa

APT trends report Q1 2020

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They a
Publish At:2020-05-03 08:09 | Read:309 | Comments:0 | Tags:APT reports Featured Apple iOS APT Backdoor Chinese-speaking

New Android Banking Trojan Targets Spanish, Portuguese Speaking Users

IBM X-Force research recently analyzed a new Android banking Trojan that appears to be targeting users in countries that speak Spanish or Portuguese, namely Spain, Portugal, Brazil and other parts of Latin America. This Trojan, which was created atop an existing, simpler SMSstealer.BR, was supplemented with more elaborate overlay capabilities. That portion o
Publish At:2020-04-21 06:45 | Read:742 | Comments:0 | Tags:Malware Mobile Security Android Android Malware Banking Malw

Gamaredon APT Group Use Covid-19 Lure in Campaigns

By Hiroyuki Kakara and Erina Maruyama Gamaredon is an advanced persistent threat (APT) group that has been active since 2013. Their campaigns are generally known for targeting Ukrainian government institutions. From late 2019 to February of this year, researchers published several reports on Gamaredon, tracking the group’s activities. In March, we came acros
Publish At:2020-04-18 10:57 | Read:499 | Comments:0 | Tags:Malware Spam Targeted Attacks APT

TA505 Continues to Infect Networks With SDBbot RAT

IBM X-Force Incident Response and Intelligence Services (IRIS) responds to security incidents around the globe. During analysis and comparison of malicious activity on enterprise networks, our team identified attacks likely linked to Hive0065, also known as TA505. We observed that Hive0065 continues to spread the SDBbot remote-access Trojan (RAT) alongside o
Publish At:2020-04-14 12:36 | Read:664 | Comments:0 | Tags:Advanced Threats Incident Response Command-and-Control (C&C)

Loncom packer: from backdoors to Cobalt Strike

The previous story described an unusual way of distributing malware under disguise of an update for an expired security certificate. After the story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-
Publish At:2020-04-02 06:58 | Read:720 | Comments:0 | Tags:Featured Malware descriptions Backdoor Malware Descriptions

Tools

Tag Cloud