HackDig : Dig high-quality web security articles for hacker

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. Much of the contents of that report are reproduced here. WhiteBear is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private intelli
Publish At:2017-08-30 19:50 | Read:223 | Comments:0 | Tags:Featured Research APT Cyber espionage Targeted Attacks Turla

APT Trends report Q2 2017

Introduction: Since 2014, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published research online for the general public in an effort to hel
Publish At:2017-08-08 10:30 | Read:237 | Comments:0 | Tags:Featured Quarterly Malware Reports APT ExPetr fileless malwa

Penquin’s Moonlit Maze

Back to the Future – SAS 2016: As Thomas Rid left the SAS 2016 stage, he left us with a claim that turned the heads of the elite researchers who filled the detective-themed Tenerife conference hall. His investigation had turned up multiple sources involved in the original in
Publish At:2017-04-03 15:30 | Read:588 | Comments:0 | Tags:Blog Featured SAS APT Targeted Attacks Turla

Russian cyber espionage group Turla leverages on a new JavaScript Malware

The Russia-linked cyber espionage group known as Turla has been using a new piece of JavaScript malware to profile victims, Kaspersky Lab reported on Thursday. Turla is the name of a Russian cyber espionage APT group (also known as Waterbug, Venomous Bear and KRYPTON) that has been active since at least 2007 targeting government organizations and private bus
Publish At:2017-02-02 22:00 | Read:830 | Comments:0 | Tags:APT Breaking News Cyber warfare Hacking Intelligence Malware

KopiLuwak: A New JavaScript Payload from Turla

On 28 January 2017, John Lambert of Microsoft (@JohnLaTwC) tweeted about a malicious document that dropped a “very interesting .JS backdoor”. Since the end of November 2016, Kaspersky Lab has observed Turla using this new JavaScript payload and specific macro variant. This is a technique we’ve observed before with Turla’s ICEDCOFFEE p
Publish At:2017-02-02 20:35 | Read:1316 | Comments:0 | Tags:Blog Featured Research APT JavaScript Macros Turla

Cyberespionage against RUAG, from Red October to Turla, who is the culprit?

Security experts from Melani published a detailed technical report about the strain of Turla used in the cyberespionage attack against the RUAG firm. A few weeks ago I reported about the cyber espionage attack on the Swiss Defense Department that was revealed after a presentation on cyber espionage to the Federal Intelligence Service. The cyber attack was a
Publish At:2016-05-24 00:35 | Read:1233 | Comments:0 | Tags:Cyber warfare Intelligence Malware Reports Uncategorized CER

Locating SAT based C&Cs

Recently, Kaspersky published research on how a Russian APT group uses hijacked satellite links to anonymise their malware command-and-control (C&C) servers (Satellite Turla: APT Command and Control in the Sky). As they say in their blog post, I researched and published how to abuse satellite DVB-S/2 internet communications, the technique used during
Publish At:2015-10-29 00:10 | Read:1114 | Comments:0 | Tags:Blog BlackHat blueteam MiTM routing satellite seaairandland

Turla APT Group Abusing Satellite Internet Links

Poorly secured satellite-based Internet links are being abused by nation-state hackers, most notably by the Turla APT group, to hide command-and-control operations, researchers at Kaspersky Lab said today. Active for close to a decade, Turla’s activities were exposed last year; the Russian-speaking gang has carried out espionage campaigns against more t
Publish At:2015-09-09 13:20 | Read:1183 | Comments:0 | Tags:Critical Infrastructure Hacks Malware Vulnerabilities Web Se

Satellite Turla: APT Command and Control in the Sky

Have you ever watched satellite television? Were you amazed by the diversity of TV channels and radio stations available? Have you ever looked in wonder at satellite phones or satellite-based Internet connections wondering what makes them tick? What if we told you that there’s more to satellite-based Internet connections than entertainment, traffic and
Publish At:2015-09-09 12:35 | Read:1428 | Comments:0 | Tags:Blog Featured Research APT Cyber espionage Turla

Turla: APT Group Gives Their Kernel Exploit a Makeover

Authored by: Arunpreet Singh, Clemens Kolbitsch. The Turla malware family is part of one of the most sophisticated malware families seen in the wild today. Given that the APT group behind this malware is suspected to be state-sponsored, the sophistication of the malicious code comes as no surprise - just like the fact that we
Publish At:2015-07-30 15:20 | Read:986 | Comments:0 | Tags:Evasive Malware Turla Kernel exploits APT exploit

Dissecting Turla Rootkit Malware Using Dynamic Analysis

Many of today’s advanced persistent threats have been climbing up the ladder - quite literally: Instead of only using user-mode components, APTs more and more frequently include components that are running as part of the operating system kernel. These kernel components run with the same, or even higher, privileges than most security solutions, and are thus o
Publish At:2015-04-08 11:30 | Read:1016 | Comments:0 | Tags:Evasive Malware Turla Kernel Rootkit Analysis

High-Resolution Dynamic Analysis of Windows Kernel Rootkits

Many recently-discovered sophisticated attacks against Windows users have been found to use at least one component executing in the kernel of the operating system. Examples of such APT attacks are Equation, Regin, Dark Hotel, or Turla/Uroburos, and they have received a lot of scrutiny from the security and research community. T
Publish At:2015-03-18 02:45 | Read:676 | Comments:0 | Tags:Malware Analysis Turla Uroburos Kernal Rootkits Equation Dar

Powerful, highly stealthy Linux trojan may have infected victims for years

Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world. The previously undiscovered malware represents a missing puzzle piece tied to "Turla," a so-called advanced persistent threat (APT) disclosed in August by Kaspersk
Publish At:2014-12-09 04:20 | Read:1148 | Comments:0 | Tags:Law & Disorder Risk Assessment Technology Lab backdoors espi

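The Four Biggest Online Security Incidents of 2014

In 2014, a wide range of security incidents occurred, from large-scale data breaches to vulnerabilities affecting the very foundations of the Web, and it is difficult to judge which of them matter most. Some events merely attract interest, while others point to major trends in online security. Some threats are only remnants of the past, while others point to the future. We look back at four important incidents that occurred in the world of online security this year and consider the lessons learned (or that should be learned) from them, and what to expect next year. Discovery of the Heartbleed and ShellShock (Bash Bug) vulnerabilities: This spring, the Heartbleed vulnerability was found. Heartbleed is a serious vulnerability in OpenSSL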
Publish At:2014-12-01 04:05 | Read:1118 | Comments:0 | Tags:Security Security Response Endpoint Protection (AntiVirus) 2

Regin Cyberespionage Platform Also Spies on GSM Networks

Researchers have uncovered a complex espionage platform reminiscent of Duqu that has been used since at least 2008 not only to spy on and extract email and documents from government agencies, research institutions and banks, but also one that targets GSM network operators in order to launch additional attacks. Kaspersky Lab published a report this morning tha
Publish At:2014-11-24 16:20 | Read:1295 | Comments:0 | Tags:Critical Infrastructure Government Malware apt Costin Raiu c
