targeted attack – WindowsTechs.com

BitterAPT Revisited: the Untold Evolution of an Android Espionage Tool

Posted on June 18, 2020 by Oana ASOLTANEI

In 2016, a sophisticated malware campaign targeting Pakistani nationals made headlines. Dubbed Bitter, the Advanced Persistent Threat group (also known as APT-C-08) has been active both in desktop and mobile malware campaigns for quite a long time, as … Continue reading BitterAPT Revisited: the Untold Evolution of an Android Espionage Tool→

Mandrake – owning Android devices since 2016

Posted on May 14, 2020 by Bogdan Botezatu

In early 2020 we identified a new, highly sophisticated Android espionage platform that had been active in the wild for at least 4 years. We named the threat Mandrake as the actor(s) behind it used names of toxic plants, or other botanical references, … Continue reading Mandrake – owning Android devices since 2016→

Upgraded Cerberus Spyware Spreads Rapidly via MDM

Posted on May 1, 2020 by Tara Seals

No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers. Continue reading Upgraded Cerberus Spyware Spreads Rapidly via MDM→

More phishing attacks on Yahoo and Gmail SMS 2FA authentication

Posted on December 21, 2018 by John E Dunn

The second report in a week has analysed phishing attacks that are attempting – and probably succeeding – in bypassing older forms of two-factor authentication (2FA). Continue reading More phishing attacks on Yahoo and Gmail SMS 2FA authentication→

Highly Targeted Ransomware SamSam Earned Its Creator $6 Million

Posted on August 1, 2018 by Lucian Constantin

A ransomware threat called SamSam that’s known for crippling IT systems in hospitals, schools and government organizations has made many more victims than previously believed. Security researchers from Sophos worked with cryptocurrency tracking … Continue reading Highly Targeted Ransomware SamSam Earned Its Creator $6 Million→

InvisiMole Burrows into Targets with Rich Espionage Tools

Posted on June 11, 2018 by Tara Seals

With a nest full of spy capabilities and good hiding techniques, the InvisiMole was able to tunnel under the radar for at least five years.” Continue reading InvisiMole Burrows into Targets with Rich Espionage Tools→

Energetic Bear/Crouching Yeti: attacks on servers

Posted on April 23, 2018 by Kaspersky Lab ICS CERT

This report by Kaspersky Lab ICS CERT presents information on identified servers that have been infected and used by the Energetic Bear/Crouching Yeti group. The report also includes the findings of an analysis of several webservers compromised by the group during 2016 and in early 2017. Continue reading Energetic Bear/Crouching Yeti: attacks on servers→

RadRAT: An all-in-one toolkit for complex espionage ops

Posted on April 13, 2018 by Bogdan Botezatu

Around February this year, we came across a piece of malware that had previously gone unnoticed. Buried in the malware zoo, the threat seems to have been operational since at least 2015, undocumented by the research community. Our interest was sti… Continue reading RadRAT: An all-in-one toolkit for complex espionage ops→

Operation Parliament, who is doing what?

Posted on April 12, 2018 by GReAT

Kaspersky Lab has been tracking a series of attacks utilizing unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high profile organizations. The objective of the attacks is clearly espionage – they involve gaining access to top legislative, executive and judicial bodies around the world. Continue reading Operation Parliament, who is doing what?→

Masha and these Bears

Posted on March 9, 2018 by GReAT

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a prolific, well resourced, and persistent adversary. They are sometimes portrayed as wild and reckless, but as seen under our visibility, the group can be pragmatic, measured, and agile. Continue reading Masha and these Bears→