A new secret stash for “fileless” malware

We observed the technique of storing shellcode in Windows event logs for the first time “in the wild” during a malicious campaign. It allows the “fileless” last-stage Trojan to be hidden from plain sight in the file system.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: a newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script that works on both Windows and macOS.

MontysThree: Industrial espionage with steganography and a Russian accent on both sides

In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. The malware authors named the toolset “MT3”; following this abbreviation we have named the toolset “MontysThree”.

WildPressure targets industrial-related entities in the Middle East

Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to the industrial sector.

Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities

Throughout the autumn of 2018 we analyzed a long-standing (and still active at that time) cyber-espionage campaign that was primarily targeting foreign diplomatic entities based in Iran. The attackers were using an improved version of Remexi in what the victimology suggests might be a domestic cyber-espionage operation.

LuckyMouse hits national data center to organize country-level waterholing campaign

In March 2018 we detected an ongoing campaign targeting a national data center in Central Asia that we believe has been active since autumn 2017. The choice of target made this campaign especially significant: it meant the attackers gained access to a wide range of government resources at one fell swoop.

FIFA public Wi-Fi guide: which host cities have the most secure networks?

We all know how easy it is for users to connect to open Wi-Fi networks in public places. A lack of essential traffic encryption for Wi-Fi networks where official and global activities are taking place, such as at locations around the forthcoming FIFA World Cup 2018, offers especially fertile ground for criminals.