Cybercriminals’ interest in IoT devices continues to grow: in H1 2018 we picked up three times as many malware samples attacking smart devices as in the whole of 2017. And in 2017 there were ten times more than in 2016. That doesn’t bode well for the years ahead. Read Full Article
Olympic Destroyer worm, Roaming Mantis mobile banker, Operation Parliament cyber-espionage campaign, SynAck ransomware and other notable targeted attacks and malware campaigns of Q2 2018. Read Full Article
As researchers we interesting in developmental prototypes of malware that have had limited distribution or not even occurred in the wild. We recently came across one such sample: a macOS backdoor that we named Calisto. Read Full Article
If you want to make the world safer, start with the smart things in your home. Or, to be more specific, start with your router – the core of any home network as well as an interesting research object. And that router you got from your ISP as part of your internet contract is even more interesting when it comes to research. Read Full Article
In January, we uncovered a sophisticated mobile implant Skygofree that provides attackers with remote control of infected Android devices. Network worm OlympicDestroyer attacked on the Olympic infrastructure just before the opening of the games in February. Read Full Article
ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware, with the attackers including new features in each iteration. Read Full Article
This report by Kaspersky Lab ICS CERT presents information on identified servers that have been infected and used by the Energetic Bear/Crouching Yeti group. The report also includes the findings of an analysis of several webservers compromised by the group during 2016 and in early 2017. Read Full Article
In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018. Read Full Article
In our previous blog , we detailed our findings about the attack against the Pyeongchang 2018 WinterOlympics. For this investigation, our analysts were provided with administrative access to one of the affected servers located in a hotel based in Pyeongchang county, South Korea. In addition, we collected all available evidence from various private and public sources and worked with several companies on investigating the C&C infrastructure associated with the attackers. Read Full Article
A couple of days after the opening ceremony of the Winter Olympics in Pyeongchang, South Korea, we received information from several partners, on the condition of non-disclosure (TLP:Red), about a devastating malware attack on the Olympic infrastructure. Read Full Article