Collaborate Disseminate
‘ProjectSauron’ – a nation-state threat actor attacking state organizations with a unique set of tools for each victim, making traditional indicators of compromise almost useless. The aim of the attacks appears to be mainly cyber-espionage. Continue reading ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms
A threat actor, likely operating from India, was undertaking aggressive cyber-espionage activity in the Asian region, targeting multiple diplomatic and government entities with a particular focus on China and its international affairs. Continue reading The Dropping Elephant actor
Last week we reported on the xDedic underground marketplace. The day after, an anonymous source posted the links pointed to a series of pastes on the Pastebin, which in turn contained long lists of IP addresses. The author of the comment mentioned that the list of pastes is related to hacked servers from the xDedic marketplace. Continue reading The Tip of the Iceberg: An Unexpected Turn in the xDedic Story
Over the last two years, deep in the slums of the Internet, a different kind of underground market has flourished. The short, cryptic name perhaps doesn’t say much about it: xDedic. However, on this obscure marketplace anyone can purchase more than 70,000 hacked servers from all around the Internet. Continue reading xDedic – the shady world of hacked servers for sale
Cyberespionage attacks conducted by different groups across the Asia-Pacific (APAC) and Far East regions share one common feature: in order to infect their victims with malware, the attackers use an exploit for the CVE-2015-2545 vulnerability. Continue reading CVE-2015-2545: overview of current threats
In 2009, instead of infecting the computers of users worldwide, criminals went directly after the ATM itself – infecting it with malware called Skimer. Seven years later, our experts discovered a new, improved, version of Skimer. Continue reading ATM infector
Our contributions on targeted attack activity and other areas to a report like this one over the past several years is important to help to improve cyber-security awareness and education both in the security industry and the general public. Continue reading Contributing to the Annual DBIR
Instead of developing customized hacking tools or buying them from third-party suppliers on the criminal underground, cyberespionage threat actors are using tools available on the web for research purposes. Several cyberespionage campaigns utilizing such tools have been spotted recently by experts. Continue reading Freezer Paper around Free Meat
On November 2015, Kaspersky Lab researchers identified ATMZombie, a banking Trojan that is considered to be the first malware to ever steal money from Israeli banks. The incident Israeli banks experienced had a very fascinating and innovative method of stealing the money. Continue reading ATMZombie: banking trojan in Israeli waters