Offensive attacks and the World Cup 2010

The World Cup 2010 is the most popular event running right now. Cyber criminals didn’t want to miss such a “good” opportunity and have already taken advantage of it in several ways, such as sending spam that leads to phishing sites, spreading malware and so on. All of these attacks go through end-point machines, stealing users’ personal information. This is the most common “modus operandi” of cyber criminals.

However, today we found an interesting attack that is apparently not related to money. The attack was on the Indonesian government Web server. The gang behind the attack put a defacement on the hacked Web server that is clearly related to World Cup activities.

If you visit the hacked Web site you will also hear an official World Cup song. In the past we saw a lot of cases where Web servers were hacked for political, racial and other motivations. Today we see that sport-related motivations, joined by competitive spirit, also influence cyber criminals to launch offensive campaigns.

At a time when cyber criminal activity is higher than usual, please pay special attention to your security. If you don’t want to be a victim, just follow these basic security tips:

  1. Keep your security solution updated.
  2. Don’t click on any tweets with shortened URLs.
  3. If you get an email related to the World Cup 2010, don’t click on embedded links and don’t open any attachments it may contain.
  4. If you want to follow World Cup news, use your preferred and trusted news agency Web site. Don’t try to visit unknown sites that you found by searching the Internet.
  5. Don’t click on any links in instant messages you may receive, even from your friends or colleagues.

Stay safe!
