no-image

I am HDRoot! Part 2

Some time ago while tracking Winnti group activity we came across a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems. Read Full Article

no-image

I am HDRoot! Part 1

Famous Chinese-speaking cybercriminal APT actor Winnti has been observed targeting pharmaceutical businesses. New threat, which Kaspersky Lab has called “HDRoot” after the original tool’s name “HDD Rootkit”, is a universal platform for a sustainable and persistent appearance in a targeted system, which can be used to launch any other tool. Read Full Article

no-image

The Careto/Mask APT: Frequently Asked Questions

The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007. What makes The Mask special is the complexity of the toolset used by the attackers. This includes an extremely sophisticated piece of malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (iOS). Read Full Article

no-image

A Glimpse Behind “The Mask”

The world of APTs is a colorful place. In 2012, we uncovered Flame, a massive cyberespionage operation infiltrating computers in the Middle East. Our research indicated a connection with the wellknown Stuxnet cyberweapon, designed to sabotage the Iranian nuclear program.In… Read Full Article

no-image

Winnti FAQ. More Than Just a Game

Today Kaspersky Lab’s team of experts published a detailed research report that analyzes a sustained cyberespionage campaign conducted by the cybercriminal organization known as Winnti. According to report, the Winnti group has been attacking companies in the online video game… Read Full Article

no-image

The Winnti honeypot – luring intruders

During our research on the Winnti group we have managed to discovered quite a considerable amount of Winnti samples targeting different gaming companies. With the help ofUsing thisat sophisticatedcomplicated malicious program cybercriminals gained remote access to infected workstations and then carried out further they activityed manually. Read Full Article

no-image

Winnti. More than just a game

In the course of our research we uncovered the activity of a hacking group which has Chinese origins. This group was named “Winnti”. According to our estimations, this group has been active for several years and specializes in cyberattacks against the online video game industry. Read Full Article

no-image

New 64-bit Linux Rootkit Doing iFrame Injections

A few days ago, an interesting piece of Linux malware came up on the Full Disclosure mailing-list. It’s an outstanding sample, not only because it targets 64-bit Linux platforms and uses advanced techniques to hide itself, but primarily because of the unusual functionality of infecting the websites hosted on attacked HTTP server – and therefore working as a part of drive-by download scenario.

Read Full Article