
Operation Ghoul: targeted attacks on industrial and engineering organizations

We recently identified a cybercriminal operation targeting a large number of organizations, with a focus on a few countries more than others. The attackers use simple tools combined with proficient social engineering, and have been highly successful against industrial and engineering SMBs. The attacks are ongoing, slowly crippling businesses and spreading harm and ruin wherever they land, like a ghoul.


The evolution of Brazilian Malware

Cybercrime in Brazil has changed drastically in the last few years, shifting from simple keyloggers to tailored remote administration tools that can run a complete attack from the victim's machine. As we know, Brazilian cybercriminals are in touch with their counterparts in Eastern Europe, mainly Russians.


Spam and phishing in Q3 2015

In Q3 of 2015, the percentage of spam in email traffic accounted for 54.2%. The holiday season saw an increase in tourism-related malicious spam. Cybercriminals sent out fake notifications from well-known booking services, airlines and hotels, as well as emails from individuals. They typically included attached archives with different Trojan downloaders.


I am HDRoot! Part 2

Some time ago, while tracking Winnti group activity, we came across a standalone utility named HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems.


I am HDRoot! Part 1

The well-known Chinese-speaking APT actor Winnti has been observed targeting pharmaceutical businesses. The new threat, which Kaspersky Lab has named “HDRoot” after the original tool’s name “HDD Rootkit”, is a universal platform for a sustainable and persistent presence in a targeted system, which can be used to launch any other tool.