I am HDRoot! Part 2

Some time ago while tracking Winnti group activity we came across a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems. Read Full Article


I am HDRoot! Part 1

Famous Chinese-speaking cybercriminal APT actor Winnti has been observed targeting pharmaceutical businesses. New threat, which Kaspersky Lab has called “HDRoot” after the original tool’s name “HDD Rootkit”, is a universal platform for a sustainable and persistent appearance in a targeted system, which can be used to launch any other tool. Read Full Article

Gaza cybergang, where’s your IR team?

Gaza cybergang is a politically motivated Arabic cybercriminal group operating in the MENA (Middle East North Africa) region, mainly Egypt, United Arab Emirates and Yemen. The group has been operating since 2012 and became particularly active in Q2 2015. Read Full Article

Darkhotel’s attacks in 2015

In 2015, many of Darkhotel’s techniques and activities remain in use. However, in addition to new variants of malicious .hta, we find new victims, .rar attachments with RTLO spearphishing, and the deployment of a 0day from Hacking Team. Read Full Article