APT (Targeted attacks)

GreAT has discovered new malware attacks in Syria, using some techniques to hide and operate malware, in addition to proficient social engineering tricks to deliver malware by tricking and tempting victims to open and launch malicious files.

Over the last 10 months, we have analyzed a massive cyber-espionage operation which we call “Epic Turla”. The attackers have infected several hundred computers in more than 45 countries, including government institutions, embassies, military, education, research and pharmaceutical companies. We observed exploits against older (patched) vulnerabilities, social engineering techniques and watering hole strategies.

Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014. 927,568 computers running Kaspersky Lab products were attacked by banking malware. 65,118 new malicious mobile programs were detected. 2033 mobile banking Trojans were detected in this period, 1.7 times more than last quarter.

Energetic Bear/Crouching Yeti is an actor involved in several advanced persistent threat (APT) campaigns that has been active going back to at least the end of 2010.

Over the past decade, APT have intensely targeted organizations and individuals across India. Its developing base of technology, its geographical location and bounds, its inclusive and riotous political energy, and its growing economic weight makes it a special place of interest for badly intentioned cyber attackers.

In 2013, together with our partner CrySyS Lab, we announced our research on a new APT actor we dubbed “Miniduke”.

Microsoft seized 22 domains previously owned by Vitalwerks, company behind dynamic dns service NO-IP

More than a year has passed since the release of our last article on HackingTeam, the Italian company that develops a “legal” spyware tool known as Remote Control System, or short, RCS.

Syria suffered yet another large-scale Internet black out that lasted for about seven hours. In contrast to previous incidents this time a cut off fiber optic cable was deemed responsible for leaving most of the country off-line.

The past few days has seen an extensive discussion within the IT security industry about a cyberespionage campaign called Turla, aka Snake and Uroburos, which, according to G-DATA experts, may have been created by Russian special services. One of the main conclusions also pointed out by research from BAE SYSTEMS, is a connection between the authors of

The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007. What makes The Mask special is the complexity of the toolset used by the attackers. This includes an extremely sophisticated piece of malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (iOS).

During the past months we have been busy analysing yet another sophisticated cyberespionage operation which has been going on at least since 2007, infecting victims in 27 countries. We deemed this operation “The Mask”.

During our monitoring of the Icefog attackers, we observed an interesting type of connection which seemed to indicate a Java version of Icefog, further to be referenced as “Javafog”.

Over the last few years, we’ve seen a number of major incidents involving destructive malware. We’ve decided to put together a brief summary the most important Wiper incidents

Attacchi di phishing nei confronti dei clienti di Poste Italiane PDF Version The number of serious cyber-attacks detected over the last two years has increased so much that new attacks rarely cause much surprise. It’s now commonplace for antivirus companies to issue a report about the discovery of another botnet or highly sophisticated malware campaign