Incidents

Hacker hunting

Although it’s maybe better know known for its extreme location and beautiful landscapes, Chile has been recently making the news for hacker arrest stories. Carlos Amigo (aka SSH-2) and Leonardo Hernandez (aka Nettoxic) from the ”Byond Team” have recently been freed from jail while their case is still being investigated. Along with two other members from their group, they’ve been responsible for breaking into allegedly more than 8000 websites around the world, including the ‘Holy Grail’ of hacking – nasa.gov. YouTube has a video from the Chilean TV station ‘TVN’ on the arrest.

Across the ocean, in Spain, four people have been arrested for various charges including credit card theft and malware writing. Two of them are minors and were caught writing trojans which allowed them to capture embarassing webcam feeds that were later used to blackmail the victims.

Unfortunately, despite the number of computer crime related arrests that has been going up recently, the amount of crimeware that we have been receiving during the past months is on a constant up. These arrests are probably just the tip of the iceberg. Even so, they are most welcome.

Hacker hunting

Your email address will not be published. Required fields are marked *

 

Reports

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Subscribe to our weekly e-mails

The hottest research right in your inbox