The return of the BOM

There’s nothing new in Brazilian cybercriminals trying out new ways to stay under the radar. It’s just that this time around the bad guys have started using a method that was reported in the wild years ago – the UTF-8 BOM (Byte Order Mark) additional bytes. Read Full Article

A Zebrocy Go Downloader

The Sofacy subset we identify as “Zebrocy” continues to target Central Asian government related organizations, both in-country and remote locations, along with a new middle eastern diplomatic target. And, as predicted, they continue to build out their malware set with a variety of scripts and managed code. Read Full Article

First Annual Cyberwarcon

Cyberwarcon is a brand new event organized yesterday in Arlington, Virginia, and delivered eight hours of fantastic content. The list of speakers was diverse in their interests, from big data visualization technologies and analysis of social media misinformation campaigns, to incidents of Russian speaking APT in the US electrical grid. Read Full Article

MuddyWater expands operations

MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US. Read Full Article

Dark Tequila Añejo

Dark Tequila is a complex malicious campaign targeting Mexican users, with the primary purpose of stealing financial information, as well as login credentials to popular websites that range from code versioning repositories to public file storage accounts and domain registrars. Read Full Article