Collaborate Disseminate
Users of mobile devices in 2018 faced what could be the strongest cybercriminal onslaught ever seen. Over the course of the year, we observed both new mobile device infection techniques and a step-up in the use of tried-and-tested distribution schemes (for example, SMS spam). Continue reading Mobile malware evolution 2018
The Sofacy subset we identify as “Zebrocy” continues to target Central Asian government related organizations, both in-country and remote locations, along with a new middle eastern diplomatic target. And, as predicted, they continue to build out their malware set with a variety of scripts and managed code. Continue reading A Zebrocy Go Downloader
The Hades APT group continues its quest to stay under the radar. Continue reading Olympic Destroyer Wiper Changes Up Infection Routine
For the last two years we have been monitoring a Russian-language cyberespionage actor that focuses on Central Asian users. We named the actor DustSquad and have provided reports on four of their campaigns. In this blogpost we cover a malicious program for Windows called Octopus that mostly targets diplomatic entities. Continue reading Octopus-infested seas of Central Asia
Process doppleganging, a rare technique of impersonating a process, was discovered last year, but hasn’t been seen much in the wild since. It was an interesting surprise, then, to discover its use in a dropper of the Osiris banking Trojan. We unpa… Continue reading Osiris dropper found using process doppelgänging
In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected organizations in Malaysia and Armenia. Continue reading Silence – a new Trojan attacking financial organizations
A malicious Google Chrome extension being spread in phishing emails steals any data posted online by victims. Continue reading Malicious Chrome Extension Steals Data Posted to Any Website
We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it ‘Microcin’ after microini, one of the malicious components used in it. Continue reading A simple example of a complex cyberattack