Archive: All - Securelist

Kaspersky Security Bulletin 2015. Evolution of cyber threats in the corporate sector

December 10, 2015, 10:52 am.

The data collected from Kaspersky Lab products shows that the tools used to attack businesses differ from those used against home users. Let’s have a look back at the major incidents of 2015 and at the new trends we have observed in information security within the business environment. Read Full Article

Publications

I am HDRoot! Part 2

October 13, 2015, 9:53 am.

Dmitry Tarakanov

Some time ago while tracking Winnti group activity we came across a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems. Read Full Article

Publications

I am HDRoot! Part 1

October 6, 2015, 2:00 am.

Dmitry Tarakanov

Famous Chinese-speaking cybercriminal APT actor Winnti has been observed targeting pharmaceutical businesses. New threat, which Kaspersky Lab has called “HDRoot” after the original tool’s name “HDD Rootkit”, is a universal platform for a sustainable and persistent appearance in a targeted system, which can be used to launch any other tool. Read Full Article

APT reports

Games are over: Winnti is now targeting pharmaceutical companies

June 22, 2015, 2:19 pm.

Dmitry Tarakanov

Winnti malware has been spotted being used against pharmaceutical industry. Read Full Article

APT reports

Winnti returns with PlugX

April 15, 2013, 12:47 pm.

Dmitry Tarakanov

Continuing our investigation into Winnti, in this post we describe how the group tried to re-infect a certain gaming company and what malware they used. In the course of our efforts to remove the infection, the gaming company sent us suspicious files that were appearing on their computers. Many of these files were samples of Winnti malware. Read Full Article

APT reports

The Winnti honeypot – luring intruders

April 11, 2013, 5:23 pm.

Dmitry Tarakanov

During our research on the Winnti group we have managed to discovered quite a considerable amount of Winnti samples targeting different gaming companies. With the help ofUsing thisat sophisticatedcomplicated malicious program cybercriminals gained remote access to infected workstations and then carried out further they activityed manually. Read Full Article

APT reports

Winnti. More than just a game

April 11, 2013, 5:00 pm.

GReAT

In the course of our research we uncovered the activity of a hacking group which has Chinese origins. This group was named “Winnti”. According to our estimations, this group has been active for several years and specializes in cyberattacks against the online video game industry. Read Full Article

APT reports

Winnti 1.0 technical analysis

April 11, 2013, 4:28 pm.

Dmitry Tarakanov

The favorite tool of the attackers has been malicious program we called “Winnti”. It has evolved since the first use, but we divide all variants into two generations: 1.x and 2.x. Our publication describes 1.0 variant of this tool. Read Full Article

Kaspersky

Securelist Archive

Tag: Winnti

Kaspersky Security Bulletin 2015. Evolution of cyber threats in the corporate sector

I am HDRoot! Part 2

I am HDRoot! Part 1

Games are over: Winnti is now targeting pharmaceutical companies

Winnti returns with PlugX

The Winnti honeypot – luring intruders

Winnti. More than just a game

Winnti 1.0 technical analysis

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001