All publications

Rare bank phishing attack on Monday

Loading...

Authors Categories Tags

Reports

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

While tracking DeathStalker’s Powersing-based activities in May 2020, we detected a previously unknown implant that leveraged DNS over HTTPS as a C2 channel, as well as parts of its delivery chain. We named this new malware “PowerPepper”.

Archive

Like clockwork

Google helps phishers

Wardriving in Paris

Who wants to be a money launderer?

Major data leak from Russian banks

If you haven’t already patched – do it now

Are all antivirus created equal?

Hacking in the name of the law

Latest Word vulnerability and the usual reminder

An inventive approach

AVAR 9th Edition

Infected Valuehost servers

Virus Top Twenty for November 2006

Online Scanner Top Twenty for November 2006

Computers, Networks and Theft: Part 2

Congratulations, you’ve won! The reality behind online lotteries

Keyloggers: How they work and how to detect them (Part 1)

How I hacked my smart bracelet

Reports

Sunburst backdoor – code overlaps with Kazuar

Lazarus covets COVID-19-related intelligence

Sunburst: connecting the dots in the DNS requests

What did DeathStalker hide between two ferns?

Subscribe to our weekly e-mails