CeBIT almost at an end

CeBIT is coming to an end, and as always it’s been interesting.

From my point of view the most interesting thing happened on Saturday when we were leaving the exhibition grounds via a different exit to our usual one.

My phone beeped. When I took a look I saw that a device was trying to send me a file.

The file was over 1 MB in size. On closer examination it turned out to be a ‘map’ of all the CeBIT exhibitors.

Naturally the filename “cebit06_light_31.sis” more or less indicated that it was CeBIT related, but it could have very well been a social engineering trick.

Especially in this light, I was disappointed to see that the installer was not signed.

We are trying to raise awareness of (not) accepting unknown files on your mobile, and particularly we’re trying to highlight that installers should be signed.

If major companies don’t sign their installers, why should anyone else pay attention?

I just hope we’ll see a signed installer next year.
