MATA framework, Garmin attack, Operation PowerFall, DeathStalker group and other events of 2020.
As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our analysis of the open source miner XMRig.
In 2019, on VirusTotal, we encountered a curious piece of Android spyware which, when analyzed, seemed connected to GravityRAT. The cybercriminals had added a spy module to Travel Mate, an Android app for travelers to India, the source code of which is available on Github.
During the second quarter Kaspersky solutions blocked 899,744,810 attacks launched from online resources across the globe, as many as 286,229,445 unique URLs triggered Web Anti-Virus components.
While we already described the exploit for Internet Explorer in the original blog post about Operation PowerFall, we also promised to share more details about the elevation of privilege exploit. Let’s take a look at vulnerability CVE-2020-0986.
Kaspersky prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits.
Exploit kits still play a role in today’s threat landscape and continue to evolve. For this blogpost I studied and analyzed the evolution of one of the most sophisticated exploit kits out there – Magnitude EK – for a whole year.
Back in October 2019 we detected a classic watering-hole attack that exploited a chain of Google Chrome and Microsoft Windows zero-days. In this blog post we’d like to take a deep technical dive into the attack.
Kaspersky solutions blocked 726,536,269 attacks launched from online resources across the globe, a total of 442,039,230 unique URLs were recognized as malicious.
For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing on activities that we observed during Q1 2020.
A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page.
During the year, Kaspersky solutions repelled 975 491 360 attacks launched from online resources located all over the world and 273 782 113 unique URLs were recognized as malicious by web antivirus components.
During our investigation, we discovered that yet another 0-day exploit (CVE-2019-1458) was used in Operation WizardOpium attacks.
Kaspersky solutions blocked 989,432,403 attacks launched from online resources in 203 countries across the globe; 560,025,316 unique URLs were recognized as malicious by Web Anti-Virus components.
This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.
We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.
We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.
Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.