Collaborate Disseminate
TajMahal, DarkUniverse, PuzzleMaker, ProjectSauron (aka Strider), USB Thief, TENSHO (aka White Tur), PlexingEagle, SinSono, MagicScroll (aka AcidBox), Metador—all these targeted attacks are still unattributed. Continue reading TOP 10 unattributed APT mysteries
Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for internal use by the Kaspersky Global Research and Analysis Team, is now being made available to a wider audience. Continue reading Looking at Big Threats Using Code Similarity. Part 1
If you read my previous blogpost, “Hunting APTs with YARA” then you probably know about the webinar we’ve done on March 31, 2020, After it we received a number of interesting questions and as I promised, I will try to answer them below. Continue reading YARA webinar follow up
If you have wondered how to leverage YARA better and how to achieve a new level of knowledge in APT detection, mitigation and response, we can help a bit with a preview of the secret ingredients. Continue reading Hunting APTs with YARA
Moonlight Maze is the stuff of cyberespionage legend. In 1996, in the infancy of the Internet, someone was rummaging through military, research, and university networks primarily in the United States, stealing sensitive information on a massive scale. To say that this historic threat actor is directly related to the modern day Turla would elevate an already formidable modern day attacker to another league altogether. Continue reading Penquin’s Moonlit Maze
Beginning in November 2016, Kaspersky Lab observed a new wave of wiper attacks directed at multiple targets in the Middle East. The malware used in the new attacks was a variant of the infamous Shamoon worm that targeted Saudi Aramco and Rasgas back in 2012. Continue reading From Shamoon to StoneDrill
Kaspersky Lab discovers CVE-2016-4171 used in limited targeted attacks to compromise high profile victims. Continue reading Operation Daybreak
Earlier today, Adobe published the security advisory APSA16-03, which describes a critical vulnerability in Adobe Flash Player version 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS: A few of months ago, we deployed a new set of… Read Full Article Continue reading CVE-2016-4171 – Adobe Flash Zero-day used in targeted attacks
This week, a large fraction of the world’s top security professionals converge into the wonderful city of San Francisco for RSA Conference 2016. Spread across several halls and buildings, the event has grown to be a kind of “meet anyone” type of conference/show, where you can’t walk for more than a 100 meters without running into a friend, colleague or customer. Perhaps it is no surprise that due to the popularity of the RSA Conference, many companies choose to announce new products or discoveries here. Continue reading Hello from #RSA2016!