HackDig : Dig high-quality web security articles for hacker

Spring Dragon – Updated Activity

Spring Dragon is a long running APT actor that operates on a massive scale. The group has been running campaigns, mostly in countries and territories around the South China Sea, since as early as 2012. The main targets of Spring Dragon attacks are high profile governmental organizations and political parties, education institutions such as universities, as w
Publish At:2017-07-24 17:05 | Read:505 | Comments:0 | Tags:Research APT Targeted Attacks

Webinar: What’s Next for Targeted Attacks?

If there’s one thing that we’ve been repeating almost constantly this year, it’s that malware is evolving. And fast. But it might be more accurate to say that attacks themselves are evolving, and especially targeted attacks. As reported by Verizon in their 2017 Data Breach Investigations Report, malware was used in 51% of the cases in which there was a data
Publish At:2017-06-22 22:25 | Read:449 | Comments:0 | Tags:PandaLabs targeted attacks webinar

Following the Trail of BlackTech’s Cyber Espionage Campaigns

by Lenart Bermejo, Razor Huang, and CH Lei (Threat Solution Team). BlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally, Japan and Hong Kong. Based on the mutexes and domain names of some of their C&C servers, BlackTech’s campaigns are likely designed to steal their target’s technology. Followi
Publish At:2017-06-22 19:05 | Read:908 | Comments:0 | Tags:Targeted Attacks BlackTech cyber espionage PLEAD Shrouded Cr

APT Trends report, Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organizations in over 80 countries. During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with Indicators of Compromise (IOC) data and YARA rules to as
Publish At:2017-04-27 19:15 | Read:1068 | Comments:0 | Tags:Analysis Featured Quarterly Malware Reports APT fileless mal

APT Threat Evolution in Q1 2017

Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organizations in over 80 countries. During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with Indicators of Compromise (IOC) data and YARA rules to as
Publish At:2017-04-27 05:40 | Read:614 | Comments:0 | Tags:Analysis Featured Quarterly Malware Reports APT fileless mal

Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks

Pawn Storm is an active and aggressive espionage actor group that has been operating since 2004. The group uses different methods and strategies to gain information from their targets, which are covered in our latest research. However, they are particularly known for dangerous credential phishing campaigns. In 2016, the group set up aggressive credential phi
Publish At:2017-04-25 19:50 | Read:785 | Comments:0 | Tags:Targeted Attacks OAuth Pawn Storm

Unraveling the Lamberts Toolkit

Yesterday, our colleagues from Symantec published their analysis of Longhorn, an advanced threat actor that can be easily compared with Regin, ProjectSauron, Equation or Duqu2 in terms of its complexity. Longhorn, which we internally refer to as “The Lamberts”, first came to the attention of the ITSec community in 2014, when our colleagues from F
Publish At:2017-04-16 11:45 | Read:1031 | Comments:0 | Tags:Blog Research Backdoor Malware Descriptions Targeted Attacks

Old Malware Tricks To Bypass Detection in the Age of Big Data

Kaspersky Lab has been tracking a targeted attack actor’s activities in Japan and South Korea recently. This attacker has been using the XXMM malware toolkit, which was named after an original project path revealed through a pdb string inside the file: “C:\Users\123\documents\visual studio 2010\Projects\xxmm2\Release\test2.pdb”. We came across an u
Publish At:2017-04-16 11:45 | Read:789 | Comments:0 | Tags:Blog Research APT Cyber espionage Malware Descriptions Malwa

China-based ‘Cloud Hopper’ Campaign Targets MSPs and Cloud Services

A new report by PwC UK and BAE Systems has revealed a sophisticated cyber campaign “of unprecedented size and scale” targeting managed IT service providers (MSPs). The campaign, dubbed Operation Cloud Hopper, was motivated by espionage and information gathering, as evidenced by the attackers’ choice of high value and low profile targets. The authors of the r
Publish At:2017-04-07 15:10 | Read:2818 | Comments:0 | Tags:News cyberespionage cyberwarfare targeted attacks Cloud

Ransomware in targeted attacks

Ransomware’s popularity has attracted the attention of cybercriminal gangs; they use these malicious programs in targeted attacks on large organizations in order to steal money. In late 2016, we detected an increase in the number of attacks, the main goal of which was to launch an encryptor on an organization’s network nodes and servers. This is
Publish At:2017-04-04 23:30 | Read:1129 | Comments:0 | Tags:Blog Featured SAS Encryption Ransomware Targeted Attacks

ATMitch: remote administration of ATMs

In February 2017, we published research on fileless attacks against enterprise networks. We described the data collected during incident response in several financial institutions around the world, exploring how attackers moved through enterprise networks leaving no traces on the hard drives. The goal of these attackers was money, and the best way to cash ou
Publish At:2017-04-04 09:55 | Read:985 | Comments:0 | Tags:Blog Featured SAS ATM Financial malware Targeted Attacks

Penquin’s Moonlit Maze

Back to the Future – SAS 2016: As Thomas Rid left the SAS 2016 stage, he left us with a claim that turned the heads of the elite researchers who filled the detective-themed Tenerife conference hall. His investigation had turned up multiple sources involved in the original in
Publish At:2017-04-03 15:30 | Read:883 | Comments:0 | Tags:Blog Featured SAS APT Targeted Attacks Turla

Lazarus Under The Hood

In February 2017 an article in the Polish media broke the silence on a long-running story about attacks on banks, allegedly related to the notoriously known Lazarus Group. While the original article didn’t mention Lazarus Group it was quickly picked up by security researchers. Today we’d like to share some of our
Publish At:2017-04-03 15:30 | Read:956 | Comments:0 | Tags:Blog Featured SAS APT Financial malware Lazarus Targeted Att

Winnti Abuses GitHub for C&C Communications

With additional analysis from Cyber Safety Solutions Team. Developers constantly need to modify and rework their source codes when releasing new versions of applications or coding projects they create and maintain. This is what makes GitHub—an online repository hosting service that provides version control management—popular. In many ways, it’s like a social
Publish At:2017-03-24 00:25 | Read:1015 | Comments:0 | Tags:Malware Targeted Attacks GitHub plugX Winnti

PetrWrap: the new Petya-based ransomware used in targeted attacks

This year we found a new family of ransomware used in targeted attacks against organizations. After penetrating an organization’s network the threat actors used the PsExec tool to install ransomware on all endpoints and servers in the organization. The next interesting fact about this ransomware is that the threat actors decided to use the well-known P
Publish At:2017-03-14 11:05 | Read:1658 | Comments:0 | Tags:Blog Research Encryption Financial malware Ransomware Target
