malware

Pierluigi Paganini June 09, 2019
Security Affairs newsletter Round 217 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! ESET analyzes Turla APTs usage of weaponized PowerShell Leicester City Football Club disclosed a card breach ProtonMail denies that it spies on users for government agencies Expert shows how […]

Pierluigi Paganini June 08, 2019
Hunting the ICEFOG APT group after years of silence

A security researcher found new evidence of activities conducted by the ICEFOG APT group, also tracked by the experts as Fucobha. Chi-en (Ashley) Shen, a senior security researcher at FireEye, collected evidence that demonstrates that China-linked APT group ICEFOG (aka Fucobha) is still active. The activities of the APT group were first uncovered by Kaspersky […]

Pierluigi Paganini June 08, 2019
Frankenstein campaign: threat actors put together open-source tools for highly-targeted attacks

Cisco Talos experts uncovered a new wave of attacks tracked as Frankenstein campaign, attackers used tools built by combining four open-source techniques. Security experts at Cisco Talos uncovered a series of highly targeted attacks, tracked as Frankenstein campaign, hackers used tools built by combining four different open-source techniques. Attackers behind the Frankenstein campaign carried out […]

Pierluigi Paganini June 06, 2019
Platinum APT and leverages steganography to hide C2 communications

The Platinum cyber espionage group uses steganographic technique to hide communications with the Command and Control Servers  (C&C). Experts from Kaspersky have linked the Platinum APT group with cyber attacks involving an elaborate, and new steganographic technique used to hide communications with C2 servers. The APT group was discovered by Microsoft in 2016, it targeted organizations […]

Pierluigi Paganini June 06, 2019
Analyzing the APT34’s Jason project

Security expert Marco Ramilli has analyzed the recently leaked APT34 hacking tool tracked as Jason – Exchange Mail BF. Today I want to share a quick analysis on a new leaked APT34 Tool in order to track similarities between APT34 public available toolsets. This time is the APT34 Jason – Exchange Mail BF project to be leaked […]

Pierluigi Paganini June 05, 2019
BlackSquid malware uses multiple exploits to drop cryptocurrency miners

A new piece of malware appeared in the threat landscape, dubbed BlackSquid it targets web servers with several exploits to deliver cryptocurrency miners. Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. The new piece of malware leverages many exploits […]

Pierluigi Paganini June 04, 2019
A month later Gamaredon is still active in Eastern Europe

Gamaredon continues to target Ukraine, Yoroi-Cybaze ZLab spotted a new suspicious activity potentially linked to the popular APT group Introduction The Gamaredon attacks against Ukraine don’t seem to have stopped. After a month since our last report we spotted a new suspicious email potentially linked to the Gamaredon group. The group was first discovered by Symantec and TrendMicro in 2015 but […]

Pierluigi Paganini June 02, 2019
Security Affairs newsletter Round 216 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter” https://www.surveymonkey.com/r/EUBloggerAwards2018 Police seized Bestmixer, the mixing service washed […]

Pierluigi Paganini June 02, 2019
ESET analyzes Turla APT’s usage of weaponized PowerShell

Turla, the Russia-linked cyberespionage group, is weaponizing PowerShell scripts and is using them in attacks against EU diplomats. Turla (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON), the Russia-linked APT group, is using weaponized PowerShell scripts in attacks aimed at EU diplomats. Turla group has been active since at least 2007 targeting government organizations and […]

Pierluigi Paganini June 01, 2019
GandCrab operators are shutting down their operations

GandCrab first appeared in the threat landscape in early 2018 and continuously evolved over time. Now operators are shutting down their operations. Early 2018, experts at cyber security firm LMNTRIX have discovered a new ransomware-as-a-service dubbed GandCrab. advertised in Russian hacking community on the dark web. The GandCrab was advertised in Russian hacking community, researchers noticed that authors leverage the RIG and […]