APT (Targeted attacks)

During the past months we have been busy analysing yet another sophisticated cyberespionage operation which has been going on at least since 2007, infecting victims in 27 countries. We deemed this operation “The Mask”.

During our monitoring of the Icefog attackers, we observed an interesting type of connection which seemed to indicate a Java version of Icefog, further to be referenced as “Javafog”.

Over the last few years, we’ve seen a number of major incidents involving destructive malware. We’ve decided to put together a brief summary the most important Wiper incidents

Attacchi di phishing nei confronti dei clienti di Poste Italiane PDF Version The number of serious cyber-attacks detected over the last two years has increased so much that new attacks rarely cause much surprise. It’s now commonplace for antivirus companies to issue a report about the discovery of another botnet or highly sophisticated malware campaign

Once again, it’s time for us to deliver our customary retrospective of the key events that have defined the threat landscape in 2013.

According to KSN data, Kaspersky Lab products detected and neutralized a total of 978 628 817 threats in the third quarter of 2013

Here are answers to the most frequently asked questions related to Icefog, an APT operation targeting entities in Japan and South Korea.

Since 2011 we have been tracking a series of attacks that we link to a threat actor called ‘Icefog’. We believe this is a relatively small group of attackers that are going after the supply chain.

We’re sharing Indicators of Compromise based on the OpenIOC framework for Icefog.

For several months, we have been monitoring an ongoing cyber-espionage campaign against South Korean think tanks. There are multiple reasons why this campaign is extraordinary in its execution and logistics. It all started one day when we encountered a somewhat unsophisticated spy program that communicated with its “master” via a public e-mail server. This approach

For several months, we have been monitoring an ongoing cyber-espionage campaign against South Korean think-tanks. There are multiple reasons why this campaign is extraordinary in its execution and logistics. It all started one day when we encountered a somewhat unsophisticated spy program that communicated with its “master” via a public e-mail server. This approach is

NetTraveler, an APT that infected hundreds of high profile victims in more than 40 countries, has returned with new tricks.

Over the last few years, we have been monitoring a cyber-espionage campaign that has successfully compromised more than 350 high profile victims in 40 countries. The main tool used by the threat actors during these attacks is NetTraveler, a malicious program used for covert computer surveillance

According to KSN data, Kaspersky Lab products detected and neutralized 1 345 570 352 threats in Q1 2013.

This article is based on technical data from KL experts and their analysis of the Korablin and Morcut malicious programs. A number of conclusions based on open source data.