Collaborate Disseminate
Of all the forms of attack against financial institutions around the world, the one that brings traditional crime and cybercrime together the most is the malicious ecosystem that exists around ATM malware. Criminals from different backgrounds work together with a single goal in mind: jackpotting. Continue reading Bingo, Amigo! Jackpotting: ATM malware from Latin America to the World
Beginning in the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of what research we have been conducting. This report serves as the next installment, focusing on important reports produced during Q3 of 2017. Continue reading APT Trends report Q3 2017
In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected organizations in Malaysia and Armenia. Continue reading Silence – a new Trojan attacking financial organizations
Gaza cybergang is an Arabic politically motivated cyber criminal group, operating since 2012 and is actively targeting the MENA (Middle East North Africa) region. Gaza cybergang attacks have never slowed down, recent targets by the group does seem to be varied in nature, attackers do not seem to be selectively choosing targets, but rather seeking different kinds of MENA intelligence. Continue reading Gaza Cybergang – updated 2017 activity
On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. We have reported the bug to Adobe who assigned it CVE-2017-11292 and released a patch earlier today. Continue reading BlackOasis APT and new targeted attacks leveraging zero-day exploit
On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. We have reported the bug to Adobe who assigned it CVE-2017-11292 and released a patch earlier today. Continue reading BlackOasis APT and new targeted attacks leveraging zero-day exploit
As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. It is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private report. Like previous Turla activity, WhiteBear leverages compromised websites and hijacked satellite connections for command and control (C2) infrastructure. Continue reading Introducing WhiteBear
In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The source of the queries was a software package produced by NetSarang. Our analysis showed that recent versions of the software had been surreptitiously modified to include an encrypted payload that could be remotely activated by a knowledgeable attacker. Continue reading ShadowPad in corporate networks
Since 2014, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide-range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published research online for the general public in an effort to help combat the ever-increasing threat from nation-state and other advanced actors. Continue reading APT Trends report Q2 2017
The first half of 2017 began with two intriguing ransomware events, both partly enabled by wormable exploit technology dumped by a group calling themselves “The ShadowBrokers”. These WannaCry and ExPetr ransomware events are the biggest in the sense that they spread the quickest and most effectively of known ransomware to date. Continue reading A King’s Ransom It is Not