Category: Securelist

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea. This article…

Ransomware updates & 1-day exploits

In this report, we discuss the new multi-platform ransomware RedAlert (aka N13V) and Monster, as well as private 1-day exploits for the CVE-2022-24521 vulnerability. This article has been indexed from Securelist Read the original article: Ransomware updates & 1-day exploits

Black Hat USA 2022 and DEF CON 30

Black Hat USA 2022 Briefings wrapped up this past week, along with its sister conference DEF CON 30. Coming back from the COVID hiatus, the conferences were enthusiastically full compared to the 2021 ghost town.

Two more malicious Python packages in the PyPI

We used our internal automated system for monitoring open-source repositories and discovered two more malicious Python packages in PyPI. They were masquerading as one of the most popular open-source packages, named “requests”.

IT threat evolution in Q2 2022. Non-mobile statistics

Our non-mobile malware statistics for Q2 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

IT threat evolution in Q2 2022. Mobile statistics

In Q2 2022, we detected 405,684 mobile malware installation packages, of which 55,614 were related to mobile banking Trojans and 3,821 were mobile ransomware Trojans.

IT threat evolution Q2 2022

ToddyCat APT and the WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families.

OpenTIP, command line edition

We released Python-based command line tools for our OpenTIP service that also implement a client class that you can reuse in your own tools.

Andariel deploys DTrack and Maui ransomware

Earlier, CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

DDoS attacks in Q2 2022

Politically motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022, just as they did in Q1. We also saw the continuation of a trend that began in spring: an increase in super-long attacks.

APT trends report Q2 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022.

Text-based fraud: from 419 scams to vishing

Text-based fraud (419 scams, vishing, extortion, etc.) is still alive and well. Here, we describe cybercriminal techniques and present statistics.

Dynamic analysis of firmware components in IoT devices

We decided to discuss less obvious tools for working with firmware, including Renode and Qiling. Each of those tools has its own features, advantages, and limitations that make it effective for certain types of tasks.

The SessionManager IIS backdoor

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

How much does access to corporate infrastructure cost?

What cybercriminals charge for the data of large companies on the dark web – a review of underground forum offers by category.

Router security in 2021

We analyze data on vulnerabilities in routers, plus malware that attacks IoT devices: Mirai, NyaDrop, Gafgyt and others.

WinDealer dealing on the side

We have discovered that malware dubbed WinDealer, spread by the Chinese-speaking APT actor LuoYu, is able to perform intrusions through a man-on-the-side attack.

IT threat evolution in Q1 2022. Non-mobile statistics

PC malware statistics for Q1 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

IT threat evolution Q1 2022

Kaspersky IT threat review for Q1 2022: activity of APTs such as MoonBounce, BlueNoroff, Lazarus and Roaming Mantis, attacks against Ukraine, phishing kits, the Okta hack and more.

IT threat evolution in Q1 2022. Mobile statistics

According to Kaspersky Security Network, 516,617 mobile malware installation packages were detected in Q1 2022, of which 53,947 were related to mobile banking Trojans and 1,942 were mobile ransomware Trojans.

Managed detection and response in 2021

Kaspersky Managed Detection and Response (MDR) services in 2021 in facts and figures: number of security incidents detected, their severity, etc.

The Verizon 2022 DBIR

The Verizon 2022 Data Breach Investigations Report is out, with Kaspersky collaborating as a contributor. The report provides an interesting analysis of the full body of global incident data.

What’s wrong with automotive mobile apps?

Third-party automotive mobile apps, web apps and API clients provide drivers with additional functions but may pose security risks for their data.

ISaPWN – research on the security of ISaGRAF Runtime

This report includes an analysis of the ISaGRAF framework, its architecture, the IXL and SNCP protocols, and a description of several vulnerabilities the Kaspersky ICS CERT team identified.

HTML attachments in phishing e-mails

In this article we review phishing HTML attachments, explain common tricks attackers use, and give statistics on HTML attachments detected by Kaspersky solutions.

New ransomware trends in 2022

This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old malware variants return while new ones develop.

Mobile subscription Trojans and their little tricks

Kaspersky analysis of the mobile subscription Trojans Joker (Jocker), MobOk, Vesub and GriftHorse and their activity: technical description and statistics.

A new secret stash for “fileless” malware

We observed the technique of placing shellcode in Windows event logs for the first time “in the wild” during a malicious campaign. It allows the “fileless” last-stage Trojan to be hidden…

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

DDoS attacks in Q1 2022

Against the backdrop of the conflict between Russia and Ukraine, the number of DDoS attacks in Q1 2022 increased 4.5-fold compared with Q1 2021. A significant proportion of them were carried out by hacktivists.

A Bad Luck BlackCat

A new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, but the group is also known as BlackCat. Two recent BlackCat incidents stand out as…

Spring4Shell (CVE-2022-22965): details and mitigations

Technical details and mitigations for the CVE-2022-22965 vulnerability (Spring4Shell), which can allow an attacker to execute arbitrary code on a remote web server.

Lazarus Trojanized DeFi app for delivering malware

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a…

CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel

An exploit for the CVE-2022-0847 (Dirty Pipe) vulnerability in the Linux kernel is available online. Kaspersky solutions detect and prevent exploitation attempts.

Financial cyberthreats in 2021

This report provides insight into 2021 financial threat trends and statistics, including data on banking malware for Windows and Android, banking, payment system and e-shop phishing, etc.

Mobile malware evolution 2021

In 2021, cybercriminal activity gradually decreased, and attempts to exploit the pandemic topic became less common. However, mobile malware became more advanced, and attacks more complex.

DDoS attacks in Q4 2021

In Q4 2021, as expected, the number of DDoS attacks rose, while DDoS botnets weaponized the Log4Shell vulnerability. In this report, we present the main DDoS trends and statistics.

Spam and phishing in 2021

Statistics on spam and phishing with the key trends in 2021: investment scams, fake streaming websites, theft of corporate credentials and COVID-19.

Roaming Mantis reaches Europe

We’ve observed some new activities by Roaming Mantis in 2021, and some changes in the Wroba malware that’s mainly used in this campaign. Furthermore, we discovered that France and Germany were added as…

Telehealth: A New Frontier in Medicine—and Security

This report contains statistics and observations on vulnerabilities, phishing schemes and malware related to telehealth.

MoonBounce: the dark side of UEFI firmware

At the end of 2021, we inspected UEFI firmware that was tampered with to embed malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how…

The BlueNoroff cryptocurrency hunt is still on

It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income.

Answering Log4Shell-related questions

Check out the answers to some of users’ biggest security questions about the Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105).

How and why do we attack our own Anti-Spam?

How to trick the machine-learning model in Anti-Spam designed to detect and quarantine suspicious e-mails, and how to detect such attacks.

PseudoManuscrypt: a mass-scale spyware attack campaign

Kaspersky ICS CERT experts identified malware whose loader has some similarities to the Manuscrypt malware, which is part of the Lazarus APT group’s arsenal.

Kaspersky Security Bulletin 2021. Statistics

Key statistics for 2021: miners, ransomware, Trojan bankers and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.

Kaspersky Managed Detection and Response: interesting cases

Several interesting attacks detected by Kaspersky Managed Detection and Response (MDR): two PrintNightmare exploitation attempts, a MuddyWater attack and LSASS credential dumping.

CVE-2021-44228 vulnerability in Apache Log4j library

A summary of the critical vulnerability CVE-2021-44228 in the Apache Log4j library, with technical details and mitigations.

The life cycle of phishing pages

We’ve analyzed the life cycle of phishing pages, how they transform during their active period, and the domains where they’re located.

The story of the year: ransomware in the headlines

In the past twelve months, the word “ransomware” has popped up in countless headlines worldwide across both print and digital publications. But how did we get here and what has changed about the…

APT annual review 2021

For this annual review, we have tried to focus on what we consider to be the most interesting trends and developments of the last 12 months.

IT threat evolution Q3 2021

WildPressure and LuminousMoth threat actors, FinSpy implants, zero-day vulnerabilities and PrintNightmare, threats for Linux and macOS in our review of Q3 2021.

IT threat evolution in Q3 2021. PC statistics

PC threat statistics for Q3 2021 contain data on miners, encrypting ransomware, financial malware, and threats to Windows, macOS and IoT.

Threats to ICS and industrial enterprises in 2022

In recent years, we have observed various trends in the changing threat landscape for industrial enterprises. We can say with high confidence that many of these trends will not only continue, but gain…

Cyberthreats to financial organizations in 2022

We are going to analyze the forecasts we made at the end of 2020, go through the key events of 2021 relating to financial attacks and make some forecasts about them in 2022.

Black Friday 2021: How to Have a Scam-Free Shopping Day

We constantly monitor the landscape of shopping-related threats and release a report tracking the latest criminal activity targeting online shoppers. Here’s what we found this year.

Advanced threat predictions for 2022

Over the past 12 months, the style and severity of APT threats have continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to…

Streaming wars continue — what about cyberthreats?

A 2020–2021 report on malware, unwanted software and phishing schemes using the streaming services Netflix, Apple TV, Amazon Prime, Hulu and Disney+ as a lure.

DDoS attacks in Q3 2021

This report provides DDoS attack statistics for Q3 2021, as well as a news roundup and forecasts for the next quarter.

Spam and phishing in Q3 2021

This report contains spam and phishing statistics for Q3 2021, plus descriptions of scams linked to the Olympics, Euro 2020, COVID-19, and other relevant events.

How we took part in MLSEC and (almost) won

How we took part in the Machine Learning Security Evasion Competition (MLSEC) — a series of trials testing contestants’ ability to create and attack machine learning models.

Extracting type information from Go binaries

Go programs may contain hundreds of calls, so it is obviously impractical to look up each type manually using a hex editor. Here is the script I use in my daily work.

APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest…

Trickbot module descriptions

In this article we describe the functionality of the Trickbot (aka TrickLoader or Trickster) banking malware modules and provide a tip on how to download and analyze these modules.

Lyceum group reborn

According to earlier public research, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the…

SAS 2021: Learning to ChaCha with APT41

John Southworth gives insights about APT41 and the malware used by the threat actor – the Motnug loader and its descendant, the ChaCha loader; he also shares some thoughts on the actor’s attribution and…

MysterySnail attacks with Windows zero-day

We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage…

SAS 2021: Fireside chat with Chris Bing

How to build up a fascinating story from a hardcore APT report? Sitting by the virtual fireside, Brian Bartholomew and Christopher Bing will discuss how malware researchers and investigative journalists can help each…

SAS 2021: Operation Software Concepts

Experts from NTT Security (Japan) will cover a new APT named Operation Software Concepts. They will share details about this multi-stage attack campaign targeting the government and defense sectors.

Ransomware in the CIS

Statistics on ransomware attacks in the CIS and technical descriptions of Trojans, including BigBobRoss/TheDMR, Crysis/Dharma, Phobos/Eking, Cryakl/CryLock, CryptConsole, Fonix/XINOF, Limbozar/VoidCrypt, Thanos/Hakbit and XMRLocker.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset…

DarkHalo after SolarWinds: the Tomiris connection

We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.

FinSpy: unseen findings

FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset; we have been tracking deployments of this spyware since 2011. In this report we decided to share some of our unseen…

BloodyStealer and gaming assets for sale

We take a closer look at threats linked to loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that…