
Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage

Kaspersky Lab exposes the first-ever publicly known Brazilian Portuguese cyberespionage campaign, targeting financial institutions as well as telecommunications, manufacturing, energy and media companies. Poseidon Group is a commercial entity whose attacks involve custom malware, digitally signed with rogue certificates, deployed to steal sensitive data from victims.


I am HDRoot! Part 2

Some time ago, while tracking Winnti group activity, we came across a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems.


I am HDRoot! Part 1

The famous Chinese-speaking cybercriminal APT actor Winnti has been observed targeting pharmaceutical businesses. The new threat, which Kaspersky Lab has called “HDRoot” after the original tool’s name “HDD Rootkit”, is a universal platform for a sustainable and persistent presence on a targeted system, which can be used to launch any other tool.


Darkhotel’s attacks in 2015

In 2015, many of Darkhotel’s techniques and activities remain in use. However, in addition to new variants of malicious .hta, we find new victims, .rar attachments with RTLO spearphishing, and the deployment of a 0day from Hacking Team.


Corporate Threats in 2013 – The Expert Opinion

Companies are increasingly falling victim to cyber-attacks. According to a recent survey conducted by Kaspersky Lab and B2B International, 9% of the organizations polled were the victims of targeted attacks – carefully planned activity aimed at infecting the…