Sober.y increased activity

Sober variants are well known for complex replication patterns and payloads. They have also been using spoofed e-mail addresses in the “From:” field, pretending to come from the FBI; reason enough for many unsuspecting users to fall victim to the worm. Sober.K, discovered on February 21, 2005, was the first to use this trick.
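The forged “From:” field is the part of this trick a mail gateway can actually check: the header is free text chosen by the sender, while the envelope address the receiving MTA records in “Return-Path:” is harder to forge consistently. The following is an added example, not code from the original post: it parses constructed sample messages with Python’s standard `email` module and flags a message whose header domain disagrees with its envelope domain, or whose display name claims to be the FBI while the address is not under fbi.gov. The three sample messages, the `analyse` function and its return format are all assumptions made for this example.

```python
"""Added example (not from the original post): flag mail whose "From:"
header claims one sender while the envelope (Return-Path) names another,
the pattern Sober used to pose as the FBI.

A mismatch is only a heuristic: mailing lists and forwarders also produce
it, so the result is a reason to quarantine for review, not a verdict.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages for this example (not real captures).
SAMPLES = [
    # 1: spoofed -- header claims fbi.gov, envelope sender is elsewhere
    """Return-Path: <someone@example-home-isp.net>
From: "FBI" <mail@fbi.gov>
Subject: You visit illegal websites
To: victim@example.org

Dear Sir/Madam, see attached.
""",
    # 2: consistent -- header and envelope agree
    """Return-Path: <newsletter@example.com>
From: Example Newsletter <newsletter@example.com>
Subject: Weekly digest
To: victim@example.org

Hello.
""",
    # 3: consistent envelope, but the display name impersonates the FBI
    """Return-Path: <admin@mailer.example.net>
From: "FBI Cyber Division" <admin@mailer.example.net>
Subject: Official notice
To: victim@example.org

See attachment.
""",
]


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address such as '<a@b.example>'."""
    _, address = parseaddr(addr)
    return address.rpartition("@")[2].lower()


def analyse(raw: str) -> dict:
    """Return the header and envelope domains plus a list of reasons the
    message looks spoofed; 'suspicious' is True when any reason fired."""
    msg = message_from_string(raw)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    envelope_domain = domain_of(msg.get("Return-Path", ""))
    reasons = []

    # Heuristic 1: the "From:" domain and the envelope domain disagree.
    if from_domain and envelope_domain and from_domain != envelope_domain:
        reasons.append(
            f"From domain {from_domain!r} != envelope domain {envelope_domain!r}"
        )

    # Heuristic 2: the display name claims the FBI, the address does not.
    if "fbi" in display_name.lower() and not from_domain.endswith("fbi.gov"):
        reasons.append("display name claims FBI but address is not under fbi.gov")

    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    for i, sample in enumerate(SAMPLES, 1):
        verdict = analyse(sample)
        print(f"sample {i}: suspicious={verdict['suspicious']} {verdict['reasons']}")
```

Sample 1 trips the domain-mismatch check, sample 3 trips only the display-name check, and sample 2 passes both; running the two heuristics side by side is what catches the variant that keeps its envelope consistent but still trades on the FBI name.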

Sober.y, which is currently the most popular variant, started spreading actively on Monday, November 21. Although it was released last week, it didn’t really pick up speed until Monday, thanks to the help of a couple of other variants in the family, one of the complex replication patterns mentioned above.

Interestingly enough, while we have plenty of reports from our mailpots distributed around the world, very few of them originate in Russia. This has happened in the past, most of the time with the peak of reports originating in Germany. Overall, Sober.y is still behind in absolute number of samples for the past 24 hours, but its rate of increase is higher, meaning it will probably become number one in the next day or so.

The outbreak is major, but according to our statistics, it’s no match for, say, Sober.a back in 2003. One of the reasons for this is that generic protection, as well as the speed of reaction of antivirus companies, has improved a lot since then.
