The data collected from Kaspersky Lab products shows that the tools used to attack businesses differ from those used against home users. Let’s have a look back at the major incidents of 2015 and at the new trends we have observed in information security within the business environment.
I am HDRoot! Part 2
Some time ago, while tracking Winnti group activity, we came across a standalone utility named HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems.
I am HDRoot! Part 1
The well-known Chinese-speaking APT actor Winnti has been observed targeting pharmaceutical businesses. The new threat, which Kaspersky Lab has named “HDRoot” after the original tool’s name, “HDD Rootkit”, is a universal platform for a sustainable and persistent presence in a targeted system, which can be used to launch any other tool.
Games are over: Winnti is now targeting pharmaceutical companies
Winnti malware has been spotted being used against the pharmaceutical industry.
Winnti returns with PlugX
Continuing our investigation into Winnti, in this post we describe how the group tried to re-infect a certain gaming company and what malware they used. In the course of our efforts to remove the infection, the gaming company sent us suspicious files that were appearing on their computers. Many of these files were samples of Winnti malware.
The Winnti honeypot – luring intruders
During our research on the Winnti group we managed to discover a considerable number of Winnti samples targeting different gaming companies. Using this sophisticated malicious program, cybercriminals gained remote access to infected workstations and then carried out further activity manually.
Winnti. More than just a game
In the course of our research we uncovered the activity of a hacking group of Chinese origin. We named this group “Winnti”. According to our estimates, the group has been active for several years and specializes in cyberattacks against the online video game industry.
Winnti 1.0 technical analysis
The attackers’ favorite tool has been a malicious program we called “Winnti”. It has evolved since its first use, but we divide all variants into two generations: 1.x and 2.x. This publication describes the 1.0 variant of the tool.