Targeted attacks and APT groups, new malware and the COVID-19 pandemic exploitation in the second quarter of 2020 Read Full Article
CactusPete APT group’s updated Bisonal backdoor
A new CactusPete campaign shows that the group’s favored types of target remain the same. The victims of the new variant of the Bisonal backdoor were from financial and military sectors located in Eastern Europe. Read Full Article
APT trends report Q2 2020
This summary is based on our threat intelligence research and provides a representative snapshot of what we have published and discussed, focusing on activities that we observed during Q2 2020. Read Full Article
Naikon’s Aria
Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to “aria-body” that we detected in 2017 and similarly reported in 2018. Read Full Article
APT trends report Q1 2020
For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing on activities that we observed during Q1 2020. Read Full Article
Hiding in plain sight: PhantomLance walks into a market
In July 2019, a sophisticated backdoor trojan in Google Play was reported. We conducted an inquiry of our own, discovering a long-term campaign, which we dubbed “PhantomLance”, its earliest registered domain dating back to December 2015. Read Full Article
Loncom packer: from backdoors to Cobalt Strike
After the previous story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-Dropper.NSIS.Loncom. Read Full Article
Holy water: ongoing targeted water-holing attack in Asia
On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. Read Full Article
iOS exploit chain deploys LightSpy feature-rich malware
A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Read Full Article
Mokes and Buerak distributed under the guise of security certificates
We recently discovered a new approach to the well-known distributing malware technique: visitors to infected sites were informed that some kind of security certificate had expired. Read Full Article