Targeted Malware Reverse Engineering Workshop follow-up. Part 2

The Reverse Engineering webinar audience was so active that not only were we unable to address all the incoming questions online, we could not even fit the rest of them into one blog post. So here comes the second part of the webinar follow-up.

Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild

CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). We believe it is exploited in the wild, potentially by several threat actors.

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.