APT (Targeted attacks)

What were the most interesting developments in terms of APT activity during the year and what can we learn from them?

Mobile espionage targeting the Middle East, new FinSpy iOS and Android implants, Dtrack banking malware and other security news

RevengeHotels is a targeted cybercrime malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively, located in Brazil. We have confirmed more than 20 hotels that are victims of the group.

This is what we think might happen in the coming months, based on the knowledge of experts in this field and our observation of APT attacks – since APT threat actors have historically been the center of innovation.

Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium.

Well-known ‘Lost in Translation’ leak, among other things, contained an interesting script that checked for traces of other APTs in the compromised system. In 2018, we found an APT described as the 27th function of this script, which we call ‘DarkUniverse’.

The quarterly summaries of APT activity are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private reports. This is our latest installment, focusing on activities that we observed during Q3 2019.

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. We called these new modules ‘Reductor’ after a .pdb path left in some samples.

This report covers our team’s incident response practices for the year 2018. We have thoroughly analyzed all the service requests, customer conversations and incident response deliverables to provide you an overview in numbers.

Targeted attacks, malware campaigns and other security news in Q2 2019.

From the beginning of 2019 until July, we have been able to identify different spear-phishing campaigns related to Cloud Atlas mostly focused on Russia, Central Asia and regions of Ukraine with ongoing military conflicts.

The quarterly summaries of APT activity are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private reports. This is our latest installment, focusing on activities that we observed during Q2 2019.

2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they’re creating new tools. Here we’ll tell you about several of them, namely “Topinambour” and its related modules.

Recently, the United States Cyber Command highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons.

In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. We decided to call the operation “ViceLeaker”, because of strings and variables in its code.