The spam constant

It may sound strange, but the volume of spam is pretty much a constant; sharp fluctuations are usually linked to a major event – for example, the closure of McColo meant a very noticeable drop in the amount of spam circulating.

But this month the opposite seems to be true. Here’s a little graph of our spam stats for 15th – 23rd April. The fluctuations are pretty striking.

For the last two days, though, we’ve been receiving about the average amount of spam. We couldn’t come up with a logical explanation for the sharp increase – the obvious suspect, Kido (and Iksmas, which it downloads to infected machines), hadn’t shown any unusual burst of activity.

But then we remembered that over here in Russia, we celebrated Easter on 19 April. Spammers are people and have lives too – the statistics indicate that they took time off and then started sending a lot of spam to make up for missed time.

Cases like this are rare, but if anything changes, and the amount of spam starts fluctuating wildly, we’ll keep you posted as to why.
