Incidents

Cabir source code published

Over the last few days we see several versions of Cabir. They are not very different from each other, just in unimportant ways.

Today we found out that the source code that these different versions were compiled from was published on the Internet. This means it can be accessed by anyone.

As far as we know, until now the Cabir source code was accessible only to a limited number of people, including members of the international virus writing group 29A. It was a 29A member who wrote the original version of Cabir. We think it was planned to publish the source code in the next edition of the group’s electronic journal.

However, it looks that someone has already got access to the code, and now it’s public. This will lead to a lot of new versions of Cabir, which has already been detected in the wild in 7 countries.

Cabir source code published

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021.

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

Subscribe to our weekly e-mails

The hottest research right in your inbox