Back in October 2019 we detected a classic watering-hole attack that exploited a chain of Google Chrome and Microsoft Windows zero-days. In this blog post we’d like to take a deep technical dive into the attack. Read Full Article
IT threat evolution Q1 2020
Operation AppleJeus, news about Roaming Mantis, watering-hole websites in Asia, virus blast from the past and other targeted attacks and malware campaigns. Read Full Article
Holy water: ongoing targeted water-holing attack in Asia
On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. Read Full Article
iOS exploit chain deploys LightSpy feature-rich malware
A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Read Full Article
Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
Recently, we caught a new unknown exploit for Chrome browser. We promptly reported this to the Google. After reviewing of the PoC we provided, the company confirmed there was a zero-day vulnerability and assigned it CVE-2019-13720. Read Full Article
IT threat evolution Q2 2018
Olympic Destroyer worm, Roaming Mantis mobile banker, Operation Parliament cyber-espionage campaign, SynAck ransomware and other notable targeted attacks and malware campaigns of Q2 2018. Read Full Article
LuckyMouse hits national data center to organize country-level waterholing campaign
In March 2018 we detected an ongoing campaign targeting a national data center in the Central Asia that we believe has been active since autumn 2017. The choice of target made this campaign especially significant – it meant the attackers gained access to a wide range of government resources at one fell swoop. Read Full Article
Who’s who in the Zoo
ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware, with the attackers including new features in each iteration. Read Full Article
Energetic Bear/Crouching Yeti: attacks on servers
This report by Kaspersky Lab ICS CERT presents information on identified servers that have been infected and used by the Energetic Bear/Crouching Yeti group. The report also includes the findings of an analysis of several webservers compromised by the group during 2016 and in early 2017. Read Full Article
APT Trends report Q3 2017
Beginning in the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of what research we have been conducting. This report serves as the next installment, focusing on important reports produced during Q3 of 2017. Read Full Article