APT10: Tracking down LODEINFO 2022, part II
In the second part of this report, we discuss improvements made to the LODEINFO backdoor shellcode in 2022. Continue reading APT10: Tracking down LODEINFO 2022, part II
The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor. Continue reading APT10: Tracking down LODEINFO 2022, part I
We’ve observed some new activities by Roaming Mantis in 2021, and some changes in the Wroba malware that’s mainly used in this campaign. Furthermore, we discovered that France and Germany were added as primary targets of Roaming Mantis. Continue reading Roaming Mantis reaches Europe
A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before. Continue reading APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
Kaspersky has continued to track the Roaming Mantis campaign. The group’s attack methods have improved, and new targets are continuously being added in order to steal more funds. Continue reading Roaming Mantis, part V
In May, while monitoring Roaming Mantis, aka MoqHao and XLoader, we observed significant changes in their M.O. The group’s activity expanded geographically and they broadened their attack/evasion methods. Their landing pages and malicious apk files now support 27 languages covering Europe and the Middle East. Continue reading Roaming Mantis dabbles in mining and phishing multilingually
In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained an Android Trojan-Banker. During our research we received some invaluable information about the true scale of this attack, which we decided to call ‘Roaming Mantis’. Continue reading Roaming Mantis uses DNS hijacking to infect Android smartphones
Kaspersky Lab has been tracking a targeted attack actor’s activities in Japan and South Korea recently. This attacker has been using the XXMM malware toolkit, which was named after an original project path revealed through a pdb string inside the… Continue reading Old Malware Tricks To Bypass Detection in the Age of Big Data
Hacks in Taiwan Conference (HITCON) Pacific 2016 was held in Taipei city, Taiwan from the 27th of November to the 3rd of December this year. The theme of this event was “The Fifth Domain: Cyber | Homeland Security”. Continue reading Notes from HITCON Pacific 2016
Hacks in Taiwan Conference (HITCON) 2016 was held on 22 – 23 July 2016 in Taipei, Taiwan. The theme of HITCON Community this year was “Security or Nothing”, focusing on hacking techniques and information security. About 1,500 participants attended to… Continue reading Conference Report: HITCON 2016 in Taipei