Incidents

A Sober night

As we’ve stated elsewhere, Sober.y is programmed to start updating itself after 00:00 hrs (GMT) on 6th January – that’s tonight.

Although everyone in the antivirus world is watching with baited breath, the anticipated epidemic may not hit for a while. Some of the sites which could host the malicious binary files may be shut down successfully before the trigger time. Additionally, it’s up to the bad guys to choose the real activation date by placing (or not) the update on the net.

In short, no-one can tell exactly what the impact of 6th January on virus history will be.

We always recommend that users be on the lookout for suspicious activity. Given the uncertainty about exactly when Sober will start updating, this is going to be even more important for the next couple of days, or even weeks.

We’re on the lookout, high alert, and will keep you posted.

A Sober night

Your email address will not be published. Required fields are marked *

 

Reports

Operation TunnelSnake

A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia.

APT trends report Q1 2021

This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Subscribe to our weekly e-mails

The hottest research right in your inbox