HackDig : Dig high-quality web security articles for hacker

IT threat evolution Q3 2019

Targeted attacks and malware campaigns: Mobile espionage targeting the Middle East. At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this
Publish At:2019-11-30 13:05 | Read:504 | Comments:0 | Tags:Featured Malware reports Apple MacOS APT connected car Cyber

APT trends report Q3 2019

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They a
Publish At:2019-10-16 06:25 | Read:447 | Comments:0 | Tags:APT reports Featured Apple iOS APT Browser Chinese-speaking

COMpfun successor Reductor infects files on the fly to compromise TLS traffic

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capa
Publish At:2019-10-03 07:00 | Read:639 | Comments:0 | Tags:APT reports Featured Browser Digital Certificates Encryption

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. Much of the contents of that report are reproduced here. WhiteBear is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private intelli
Publish At:2017-08-30 19:50 | Read:3772 | Comments:0 | Tags:Featured Research APT Cyber espionage Targeted Attacks Turla

APT Trends report Q2 2017

Introduction: Since 2014, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published research online for the general public in an effort to hel
Publish At:2017-08-08 10:30 | Read:4803 | Comments:0 | Tags:Featured Quarterly Malware Reports APT ExPetr fileless malwa

Penquin’s Moonlit Maze

Back to the Future – SAS 2016: As Thomas Rid left the SAS 2016 stage, he left us with a claim that turned the heads of the elite researchers who filled the detective-themed Tenerife conference hall. His investigation had turned up multiple sources involved in the original in
Publish At:2017-04-03 15:30 | Read:3942 | Comments:0 | Tags:Blog Featured SAS APT Targeted Attacks Turla

Russian cyber espionage group Turla leverages on a new JavaScript Malware

The Russia-linked cyber espionage group known as Turla has been using a new piece of JavaScript malware to profile victims, Kaspersky Lab reported on Thursday. Turla is the name of a Russian cyber espionage APT group (also known as Waterbug, Venomous Bear and KRYPTON) that has been active since at least 2007 targeting government organizations and private bus
Publish At:2017-02-02 22:00 | Read:3554 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Intelligence Malware

KopiLuwak: A New JavaScript Payload from Turla

On 28 January 2017, John Lambert of Microsoft (@JohnLaTwC) tweeted about a malicious document that dropped a “very interesting .JS backdoor”. Since the end of November 2016, Kaspersky Lab has observed Turla using this new JavaScript payload and specific macro variant. This is a technique we’ve observed before with Turla’s ICEDCOFFEE p
Publish At:2017-02-02 20:35 | Read:5494 | Comments:0 | Tags:Blog Featured Research APT JavaScript Macros Turla

Cyberespionage against RUAG, from Red October to Turla, who is the culprit?

Security experts from Melani published a detailed technical report about the strain of Turla used in the cyberespionage attack against the RUAG firm. A few weeks ago I reported about the cyber espionage attack on the Swiss Defense Department that was revealed after a presentation on cyber espionage to the Federal Intelligence Service. The cyber attack was a
Publish At:2016-05-24 00:35 | Read:6741 | Comments:0 | Tags:Cyber warfare Intelligence Malware Reports Uncategorized CER

Locating SAT based C&Cs

Recently, Kaspersky published research about how a Russian APT group uses hijacked satellite links to anonymise their malware command-and-control (C&C) servers (Satellite Turla: APT Command and Control in the Sky). As they say in their blog post, I researched and published how to abuse satellite DVB-S/2 internet communications, the technique used during
Publish At:2015-10-29 00:10 | Read:6881 | Comments:0 | Tags:Blog BlackHat blueteam MiTM routing satellite seaairandland

Turla APT Group Abusing Satellite Internet Links

Poorly secured satellite-based Internet links are being abused by nation-state hackers, most notably by the Turla APT group, to hide command-and-control operations, researchers at Kaspersky Lab said today. Active for close to a decade, Turla’s activities were exposed last year; the Russian-speaking gang has carried out espionage campaigns against more t
Publish At:2015-09-09 13:20 | Read:5949 | Comments:0 | Tags:Critical Infrastructure Hacks Malware Vulnerabilities Web Se

Satellite Turla: APT Command and Control in the Sky

Have you ever watched satellite television? Were you amazed by the diversity of TV channels and radio stations available? Have you ever looked in wonder at satellite phones or satellite-based Internet connections wondering what makes them tick? What if we told you that there’s more to satellite-based Internet connections than entertainment, traffic and
Publish At:2015-09-09 12:35 | Read:5111 | Comments:0 | Tags:Blog Featured Research APT Cyber espionage Turla

Turla: APT Group Gives Their Kernel Exploit a Makeover

Authored by: Arunpreet Singh, Clemens Kolbitsch. The Turla malware family is part of one of the most sophisticated malware families seen in the wild today. Given that the APT group behind this malware is suspected to be state-sponsored, the sophistication of the malicious code comes as no surprise - just like the fact that we
Publish At:2015-07-30 15:20 | Read:3002 | Comments:0 | Tags:Evasive Malware Turla Kernel exploits APT exploit

Dissecting Turla Rootkit Malware Using Dynamic Analysis

Many of today’s advanced persistent threats have been climbing up the ladder - quite literally: Instead of only using user-mode components, APTs more and more frequently include components that are running as part of the operating system kernel. These kernel components run with the same, or even higher, privileges than most security solutions, and are thus o
Publish At:2015-04-08 11:30 | Read:3910 | Comments:0 | Tags:Evasive Malware Turla Kernel Rootkit Analysis

High-Resolution Dynamic Analysis of Windows Kernel Rootkits

Many recently-discovered sophisticated attacks against Windows users have been found to use at least one component executing in the kernel of the operating system. Examples of such APT attacks are Equation, Regin, Dark Hotel, or Turla/Uroburos, and they have received a lot of scrutiny from the security and research community. T
Publish At:2015-03-18 02:45 | Read:2491 | Comments:0 | Tags:Malware Analysis Turla Uroburos Kernal Rootkits Equation Dar
