IAmTheKing and the SlothfulMedia malware family

The DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context.

MosaicRegressor: Lurking in the Shadows of UEFI

We found a compromised UEFI firmware image that contained a malicious implant. To the best of our knowledge, this is the second known public case where malicious UEFI firmware in use by a threat actor was found in the wild.

Operation PowerFall: CVE-2020-0986 and variants

While we already described the exploit for Internet Explorer in the original blog post about Operation PowerFall, we also promised to share more details about the elevation of privilege exploit. Let’s take a look at vulnerability CVE-2020-0986.

Lifting the veil on DeathStalker, a mercenary triumvirate

DeathStalker is a unique threat group that appears to target law firms and companies in the financial sector. They don’t deploy ransomware or steal payment information to resell it; their interest is in gathering sensitive business information.

CactusPete APT group’s updated Bisonal backdoor

A new CactusPete campaign shows that the group’s favored types of target remain the same. The victims of the new variant of the Bisonal backdoor were from financial and military sectors located in Eastern Europe.

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Kaspersky prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits.