From the beginning of 2019 until July, we have been able to identify different spear-phishing campaigns related to Cloud Atlas mostly focused on Russia, Central Asia and regions of Ukraine with ongoing military conflicts. Read Full Article
‘Twas the night before
Recently, the United States Cyber Command highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Read Full Article
ViceLeaker Operation: mobile espionage targeting Middle East
In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. We decided to call the operation “ViceLeaker”, because of strings and variables in its code. Read Full Article
Plurox: Modular backdoor
The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What’s more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins. Read Full Article
Platinum is back
In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities. Read Full Article
IT threat evolution Q1 2019
Zebrocy and GreyEnergy, four zero-day vulnerabilities in Windows, attacks on cryptocurrency exchanges, a very old bug in WinRAR, attacks on smart devices and other events of the first quarter of 2019. Read Full Article
ScarCruft continues to evolve, introduces Bluetooth harvester
After publishing our initial series of blogposts back in 2016, we have continued to track the ScarCruft threat actor. ScarCruft is a Korean-speaking and allegedly state-sponsored threat actor that usually targets organizations and companies with links to the Korean peninsula. Read Full Article
Operation ShadowHammer: a high-profile supply chain attack
In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility. Now it is time to share more details about the research with our readers. Read Full Article
Operation ShadowHammer
Operation ShadowHammer is a newly discovered supply chain attack that leveraged ASUS Live Update software. While the investigation is still in progress and full results and technical paper will be published during SAS 2019 conference in Singapore, we would like to share some important details about the attack. Read Full Article
A Zebrocy Go Downloader
The Sofacy subset we identify as “Zebrocy” continues to target Central Asian government related organizations, both in-country and remote locations, along with a new middle eastern diplomatic target. And, as predicted, they continue to build out their malware set with a variety of scripts and managed code. Read Full Article