Malware Technologies – Page 17

Sunburst backdoor – code overlaps with Kazuar

Posted on January 11, 2021 by Georgy Kucherin

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years. Continue reading Sunburst backdoor – code overlaps with Kazuar→

Lazarus covets COVID-19-related intelligence

Posted on December 23, 2020 by Seongsu Park

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research. Continue reading Lazarus covets COVID-19-related intelligence→

Sunburst: connecting the dots in the DNS requests

Posted on December 18, 2020 by Igor Kuznetsov

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs. Continue reading Sunburst: connecting the dots in the DNS requests→

APT annual review: What the world’s threat actors got up to in 2020

Posted on December 3, 2020 by GReAT

We track the ongoing activities of more than 900 advanced threat actors. Here we try to focus on what we consider to be the most interesting trends and developments of the last 12 months. Continue reading APT annual review: What the world’s threat actors got up to in 2020→

What did DeathStalker hide between two ferns?

Posted on December 3, 2020 by Pierre Delcher

While tracking DeathStalker’s Powersing-based activities in May 2020, we detected a previously unknown implant that leveraged DNS over HTTPS as a C2 channel, as well as parts of its delivery chain. We named this new malware “PowerPepper”. Continue reading What did DeathStalker hide between two ferns?→

What did DeathStalker hide between two ferns?

Posted on December 3, 2020 by Pierre Delcher

IT threat evolution Q3 2020

Posted on November 20, 2020 by David Emm

MATA framework, Garmin attack, Operation PowerFall, DeathStalker group and other events of 2020. Continue reading IT threat evolution Q3 2020→

Targeted ransomware: it’s not just about encrypting your data!

Posted on November 11, 2020 by Dmitry Bestuzhev

When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data – it’s primarily about data exfiltration. Continue reading Targeted ransomware: it’s not just about encrypting your data!→

Ghimob: a Tétrade threat actor moves to infect mobile devices

Posted on November 9, 2020 by GReAT LatAm

Guildma’s new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies. Continue reading Ghimob: a Tétrade threat actor moves to infect mobile devices→

Life of Maze ransomware

Posted on October 21, 2020 by Fedor Sinitsyn

In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations. Continue reading Life of Maze ransomware→