APT (Targeted attacks)

In the Device notification callback function, the module logs each connection and disconnection event. When a device is connected, it starts a new thread that manipulates this device

Since the publication of our report, our colleagues from Seculert have discovered and posted a blog about the usage of another delivery vector in the Red October attacks (http://blog.seculert.com/2013/01/operation-red-october-java-angle.html).
In addition to Office documents (CVE-2009-3129, CVE-2010-3333, CVE-2012-0158), it appears that the attackers also infiltrated victim network(s) via Java exploitation (35f1572eb7759cb7a66ca459c093e8a1 – NewsFinder.jar), known as the Rhino exploit (CVE-2011-3544).

Here’s a link to the full paper (part 1) about our Red October research. During the next days, we’ll be publishing Part 2, which contains a detailed technical analysis of all the known modules. Please stay tuned. During the past five years, a high-level cyber-espionage campaign has successfully infiltrated computer networks at diplomatic, governmental and

In October 2012, Kaspersky Lab’s Global Research & Analysis Team initiated a new threat research after a series of attacks against computer networks of various international diplomatic service agencies

Yesterday, Jens ‘atom’ Steube, which most people know as the author of ‘hashcat’ – a GPU accelerated password recovery tool, released his Gauss cracker as open source software under a GPL license

Another wiper-like malware has been discovered.

This is Kaspersky Lab’s annual threat analysis report covering the major issues faced by corporate and individual users alike as a result of malware, potentially harmful programs, crimeware, spam, phishing and other different types of hacker activity.

Several days ago, a number of leaked documents from the Syrian Ministry of Foreign Affairs were published on Par:AnoIA, a new wikileaks-style site managed by the Anonymous collective.

Recently, a new Remote Administration Tool has been discovered that started appearing here and there in targeted attacks. This tool is “PlugX”.

Dubbed Narilam, the malware appears to be designed to corrupt databases. We have identified several samples related to this threat.

In May 2012, a Kaspersky Lab investigation detected a new nation-state cyber-espionage malware, which we named “Flame”

While analyzing the Flame malware that we detected in May 2012, Kaspersky Lab experts identified some distinguishing features of Flame’s modules.

Our previous analysis of the Flame malware, the advanced cyber-espionage tool that-s linked to the Stuxnet operation, was initially published at the end of May 2012 and revealed a large scale campaign targeting several countries in the Middle East

There have been persistent media reports that the Shamoon wiper malware we previously covered is linked to attacks against Saudi Aramco. The hardcoded date in the body of destructor matches exactly the declaration by a hacker group about the date and time when the Saudi Aramco company would had been hit but we still cannot

In April 2012, several stories were published about a mysterious malware attack shutting down computer systems at businesses throughout Iran. Several articles mentioned that a virus named Wiper was responsible. Yet, no samples were available from these attacks, causing many to doubt the accuracy of these reports. Following these incidents, the International Telecommunications Union (ITU)