MoonBounce: the dark side of UEFI firmware

At the end of 2021, we inspected UEFI firmware that had been tampered with to embed malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

The BlueNoroff cryptocurrency hunt is still on

It appears that BlueNoroff has shifted its focus from banks and SWIFT-connected servers to cryptocurrency businesses alone as the main source of the group’s illegal income.

PseudoManuscrypt: a mass-scale spyware attack campaign

Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT group’s arsenal.

ScarCruft surveilling North Korean defectors and human rights activists

The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor. Recently, we had an opportunity to perform a deeper investigation into a host compromised by this group.

WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019

In this report we provide details on a malicious VBS implant distributed via MS Excel droppers and a fake “Kaspersky Update Agent”, which we attribute to the WIRTE APT group, which in turn may be linked to the Gaza Cybergang.

IT threat evolution Q3 2021

The WildPressure and LuminousMoth threat actors, FinSpy implants, zero-day vulnerabilities and PrintNightmare, and threats to Linux and macOS in our review of Q3 2021.

Advanced threat predictions for 2022

Over the past 12 months, the style and severity of APT threats have continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to predict what might lie ahead in the coming year.