Tropic Trooper spies on government entities in the Middle East

Kaspersky experts found a new variant of the China Chopper web shell from the Tropic Trooper group that imitates an Umbraco CMS module and targets a government entity in the Middle East. Continue reading Tropic Trooper spies on government entities in the Middle East

A deep dive into the most interesting incident response cases of last year

Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more. Continue reading A deep dive into the most interesting incident response cases of last year

Head Mare: adventures of a unicorn in Russia and Belarus

Analysis of the hacktivist group Head Mare targeting companies in Russia and Belarus: exploitation of WinRAR vulnerability, custom tools PhantomDL and PhantomCore. Continue reading Head Mare: adventures of a unicorn in Russia and Belarus

HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers. Continue reading HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat

Major Backdoor in Millions of RFID Cards Allows Instant Cloning

Backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world.
The post Major Backdoor in Millions of RFID Cards Allows Inst… Continue reading Major Backdoor in Millions of RFID Cards Allows Instant Cloning

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools. Continue reading EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

FIN7 sells improved EDR killer tool

The cybercrime-focused enterprise known as FIN7 (aka the Carbanak group) has come up with yet another trick to assure the effectiveness of its “EDR killer” tool, dubbed AvNeutralizer (i.e., AuKill) by researchers. By leveraging Windows&#821… Continue reading FIN7 sells improved EDR killer tool