FBI and Air Force experts are sinkholing the Joanap botnet to collect information about it and dismantle the malicious infrastrcuture. The U.S. Justice Department declares war to the Joanap Botnet that is associated with North Korea. The U.S. DoJ announced this week that it is working to dismantle the infamous Joanap botnet, a malicious infrastructure […]
Security experts at Cybaze– Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. As usual, the malware looks like a legitimate e-mail attachment, named as âinvoice.docâ. Today, weaponized Microsoft office documents with macros, are one of the most common and more effective methods to […]
According to the ENISA Threat Landscape Report 2018, 2018 has brought significant changes in the techniques, tactics, and procedures associated with cybercrime organizations and nation-state actors. I’m proud to present you the ENISA Threat Landscape Report 2018, the annual report published by the ENISA ETL group that provides insights on the evolution of the cyber […]
In the last weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign leveraging the Zepakab Downloader. In the last weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign discovered in January 2019. The sample has been initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further […]
Security experts from Kaspersky Labâs Industrial Control Systems Cyber Emergency Response Team (ICS CERT) linked the GreyEnergy malware with and the Zebrocy backdoor. Security researchers from Kaspersky Labâs ICS CERT have discovered a link between GreyEnergy malware with and the Zebrocy tool. The activity of the GreyEnergy APT group emerged in concurrence with BlackEnergy operations, experts consider […]
Experts at Malwarebytes have reported that the code for the recently discovered Flash zero-day flaw was added to the Fallout Exploit kit. Experts at Malwarebytes observed a new version of the Fallout Exploit kit that include the code to exploit a recently discovered Flash zero-day vulnerability. The Fallout Exploit kit was discovered at the end […]
Threat actors in the wild are leveraging a recently discovered flaw in the ThinkPHP PHP framework to install cryptominers, skimmers, and other malware. Multiple threat actors are leveraging a recently discovered code execution vulnerability (CVE-2018-20062) in the ThinkPHP framework. The flaw was already addressed by the Chinese firm TopThink that designed the framework, but security expert Larry […]
Early January, an interesting malware sample has been disclosed through the InfoSec community: a potential GreyEnergy implant still under investigation. This kind of threat, previously analyzed by third party firms, contains similarities with the infamous BlackEnergy malware, used in the attacks against the Ukrainian energy industry back in 2015. The Cybaze-Yoroi ZLAB researchers dissected this […]
FireEye and CrowdStrike discovered that threat actors behind the Ryuk ransomware are working with another cybercrime gang to gain access to target networks. In August 2018, security experts from Check Point uncovered a ransomware-based campaign aimed at organizations around the world conducted by North Korea-linked threat actor. This is the first time that a security firm […]
Ave Maria Malware – Phishing attempts spreading in the last days of the past year against an Italian organization operating in the Oil&Gas sector The Cybaze-Yoroi ZLab researchers analyzed phishing attempts spreading in the last days of the past year against an Italian organization operating in the Oil&Gas sector. The malicious emails try to impersonate […]