Watering hole attacks – WindowsTechs.com

The zero-day exploits of Operation WizardOpium

Posted on May 28, 2020 by Boris Larin

Back in October 2019 we detected a classic watering-hole attack that exploited a chain of Google Chrome and Microsoft Windows zero-days. In this blog post we’d like to take a deep technical dive into the attack. Continue reading The zero-day exploits of Operation WizardOpium→

IT threat evolution Q1 2020

Posted on May 20, 2020 by David Emm

Operation AppleJeus, news about Roaming Mantis, watering-hole websites in Asia, virus blast from the past and other targeted attacks and malware campaigns. Continue reading IT threat evolution Q1 2020→

Holy water: ongoing targeted water-holing attack in Asia

Posted on March 31, 2020 by GReAT

On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. Continue reading Holy water: ongoing targeted water-holing attack in Asia→

Google sent ~40K warnings to targets of state-backed attackers in 2019

Posted on March 30, 2020 by Lisa Vaas

Google has seen a rising number of attackers impersonating news outlets and journalists to spread fake news among other reporters. Continue reading Google sent ~40K warnings to targets of state-backed attackers in 2019→

Google sent ~40K warnings to targets of state-backed attackers in 2019

Posted on March 30, 2020 by Lisa Vaas

iOS exploit chain deploys LightSpy feature-rich malware

Posted on March 26, 2020 by Alexey Firsh

A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Continue reading iOS exploit chain deploys LightSpy feature-rich malware→

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Posted on November 1, 2019 by AMR

Recently, we caught a new unknown exploit for Chrome browser. We promptly reported this to the Google. After reviewing of the PoC we provided, the company confirmed there was a zero-day vulnerability and assigned it CVE-2019-13720. Continue reading Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium→

StrongPity APT Returns with Retooled Spyware

Posted on July 17, 2019 by Tara Seals

The group is using malicious versions of WinRAR and other legitimate software packages to infect targets, likely via watering-hole attacks. Continue reading StrongPity APT Returns with Retooled Spyware→

IT threat evolution Q2 2018

Posted on August 6, 2018 by David Emm

Olympic Destroyer worm, Roaming Mantis mobile banker, Operation Parliament cyber-espionage campaign, SynAck ransomware and other notable targeted attacks and malware campaigns of Q2 2018. Continue reading IT threat evolution Q2 2018→

LuckyMouse hits national data center to organize country-level waterholing campaign

Posted on June 13, 2018 by Denis Legezo

In March 2018 we detected an ongoing campaign targeting a national data center in the Central Asia that we believe has been active since autumn 2017. The choice of target made this campaign especially significant – it meant the attackers gained access to a wide range of government resources at one fell swoop. Continue reading LuckyMouse hits national data center to organize country-level waterholing campaign→