Collaborate Disseminate
Gaza Cybergang(s) is a politically motivated Arabic-language cyberthreat actor, actively targeting the Middle East North Africa region. Group1 is the least sophisticated of the three attack Gaza groups. Continue reading Gaza Cybergang Group1, operation SneakyPastes
TajMahal’ is a previously unknown and technically sophisticated APT framework discovered by Kaspersky Lab in the autumn of 2018. Continue reading Project TajMahal – a sophisticated new APT framework
There’s nothing new in Brazilian cybercriminals trying out new ways to stay under the radar. It’s just that this time around the bad guys have started using a method that was reported in the wild years ago – the UTF-8 BOM (Byte Order Mark) additional bytes. Continue reading The return of the BOM
Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. This campaign was active immediately prior to Central Asian high-level meeting and we suppose that actor behind still follows regional political agenda. Continue reading LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company
Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production. Continue reading Attacks on industrial enterprises using RMS and TeamViewer
While intercepting traffic from a number of infected machines that showed signs of Remote Admin Tool malware known as HawkEye, we stumbled upon an interesting domain. It was registered to a command and control server (C2) which held stolen keylog data from HawkEye RAT victims, but was also being used as a one-stop-shop for purchasing hacking goods. Continue reading One-stop-shop: Server steals data then offers it for sale
While intercepting traffic from a number of infected machines that showed signs of Remote Admin Tool malware known as HawkEye, we stumbled upon an interesting domain. It was registered to a command and control server (C2) which held stolen keylog data from HawkEye RAT victims, but was also being used as a one-stop-shop for purchasing hacking goods. Continue reading One-stop-shop: Server steals data then offers it for sale