miniduke-web-based-infection-vector

Miniduke: Web Based Infection Vector

Together with our partner CrySyS Lab, we’ve discovered two new, previously-unknown infection mechanisms for Miniduke. These new infection vectors rely on Java and IE vulnerabilities to infect the victim’s PC. While inspecting one of the C&C servers of Miniduke, we… Read Full Article

a-slice-of-2017-sofacy-activity

A Slice of 2017 Sofacy Activity

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard. Read Full Article

dissecting-malware

Dissecting Malware

From March 30 through April 2, 2017, one of them — Principal Security Researcher at Kaspersky Lab Nicolas Brulez — will deliver a course on the subject he has been training people around the world on for 12 years, malware reverse engineering. Read Full Article

how-to-hunt-for-rare-malware

How to hunt for rare malware

At SAS 2017, Global Director of GReAT Costin Raiu and Principal Security Researchers Vitaly Kamluk and Sergey Mineev will provide Yara training for incident response specialists and malware researchers, who need an effective arsenal for finding malware. Read Full Article

sofacy-apt-hits-high-profile-targets-with-updated-toolset

Sofacy APT hits high profile targets with updated toolset

Sofacy (also known as “Fancy Bear”, “Sednit”, “STRONTIUM” and “APT28”) is an advanced threat group that has been active since around 2008, targeting mostly military and government entities worldwide, with a focus on NATO countries. More recently, we have also seen an increase in activity targeting Ukraine. Read Full Article