Autumn leaves

Today is the last day of the ISSE/Secure 2007 conference, which is taking place in the beautiful city of Warsaw. I gave the keynote speech at ISSE, along with Steve Lipner from Microsoft. My presentation was about the transition from viruses to malware and the rise of cybercrime, showing some of the latest tricks used by malware authors with a focus on the Zlob and Zhelatin worms.

Last week was busy as well. We attended the Virus Bulletin Conference in Vienna where Roel gave a talk on a particular variant of Banker, a family of trojans designed to steal your bank account details in a very crafty way.

While we were away, the malware activity was restricted to the usual stream of Mytob, Banload, Banker trojans and Pinch variants. The Zhelatin gang seems to have stopped their activity for a bit – they’re probably preparing a new wave of attacks.

And over here in Romania, the academic year is starting in a couple of days so we’re enjoying a few days of calm, before the ‘Storm’.
