no-image

Olympic Destroyer is still alive

In May-June 2018 we discovered new spear-phishing documents that closely resembled weaponized documents used by Olympic Destroyer in the past. This and other TTPs led us to believe that we were looking at the same actor again. However, this time the attacker has new targets. Read Full Article

no-image

Expert: cross-platform Adwind RAT

Kaspersky Lab researcher Vitaly Kamluk gave a talk about the latest version of the cross-platform Adwind RAT. The remote access Trojan is unique in that it’s written in JavaScript, giving this version — which is also known as Frutas, AlienSpy and JSocket — the flexibility to be used liberally in cybercrime operations as well as in targeted attacks. Read Full Article

no-image

Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage

Kaspersky Lab exposes first ever publicly known Brazilian Portuguese cyberespionage campaign targeting financial institutions as well as telecommunications, manufacturing, energy and media companies. Poseidon Group is a commercial entity whose attacks involve custom malware digitally signed with rogue certificates deployed to steal sensitive data from victims. Read Full Article

no-image

Adwind: FAQ

Adwind – a cross-platform RAT, multifunctional malware program which is distributed through a single malware-as-a-service platform. Different versions of the Adwind malware have been used in attacks against at least 443,000 private users, commercial and non-commercial organizations around the world. Read Full Article

no-image

PlugX is Becoming Mature

Recently, a new Remote Administration Tool has been discovered that started appearing here and there in targeted attacks. This tool is “PlugX”. Researchers have even tracked someone suspected of creating that malware – one of the members of the Chinese hacking group NCPH, which is allegedly in the service of PLA. Read Full Article