RAT

Pierluigi Paganini August 05, 2014
IcoScript rat controlled via email services, including Yahoo and Gmail

Experts at the German security firm G-Data discovered a RAT dubbed IcoScript which receives commands from C&C via email services including Yahoo and Gmail. Security experts have detected a new Remote Administration Trojan dubbed IcoScript which is controlled by bad actors through Yahoo Mail and is able to elude detection systems by using seemingly benign domains for […]

Pierluigi Paganini August 02, 2014
Kaspersky report on Energetic Bear – Crouching Yeti APT campaign

The Kaspersky Lab Team has issued a report which includes details of the investigation related to the Energetic Bear – Crouching Yeti APT campaign. Energetic Bear, aka Crouching Yeti, is the recently discovered APT campaign that targeted energy companies, manufacturers, industrial, pharmaceutical, construction, and many IT companies. Security experts have analyzed the Energetic Bear APT campaign, which appears […]

Pierluigi Paganini July 27, 2014
Nigeria 419 scam targeting business world with RATs

Experts at Palo Alto Networks uncovered a new Nigeria 419 scam scheme which is targeting businesses in a malicous campaign dubbed Silver Spaniel. The Nigeria 419 schema adopted by criminal gangs world wide has been improved by scammers which are also including the use of remote access trojans (RATs). A report published by the Palo […]

Pierluigi Paganini July 20, 2014
Discovered a new Havex variant which hit SCADA via OPC

Researchers at FireEye have detected a new variant of Havex RAT, which scans SCADA network via Object linking and embedding for Process Control (OPC). Security experts at F-Secure and Symantec have recently announced a surge of malicious campaigns based on “Havex” malware against critical infrastructure. The bad actors behind the Havex campaign mainly targeted companies in the energy […]

Pierluigi Paganini July 04, 2014
Implications of the crisis in Iraq in the cyberspace

Security Experts at Intelligence firm InterCrawler have analyzed the effect of the crisis in Iraq on the malicious activities in the cyberspace. Cyber threat intelligence firm IntelCrawler has published an interesting post on the repercussion of Iraq Civil disorder on the cyberspace, the company has analyzed the activities within the Iraqi ISP industry discovering worrying signals. […]

Pierluigi Paganini June 27, 2014
PlugX RAT with Time Bomb abuses Dropbox in targeted attacks

Trend Micro analyzed a targeted attack against a Taiwanese government entity which used a variant of the PlugX RAT that abuses the Dropbox service. Researchers from Trend Micro discovered that a targeted attack against a government agency in Taiwan was conducted using a variant of the PlugX remote access tool (RAT) which abuses the popular file hosting service […]

Pierluigi Paganini June 25, 2014
Cyber espionage campaign based on Havex RAT hit ICS/SCADA systems

Security Experts at F-Secure discovered a cyber espionage campaign based in the Havex malware targeting ICS/SCADA systems and vendors. Security Experts at F-Secure have conducted an investigation on the Havex Malware family in the past months, let’s remember that the malicious agent has been used in several targeted attacks against different industry sectors, and according […]

Pierluigi Paganini June 11, 2014
Putter Panda APT behind for cyber espionage campaigns, are they members of PLA Unit 61486?

CrowdStrike published a new report which blames the Chinese Putter Panda group for the different cyber espionage campaigns conducted against foreign companies. Putter Panda is the name of bad actor responsible for a series of cyber espionage operations originating in Shanghai, security experts linked its operation to the activity of the People’s Liberation Army 3rd General Staff […]

Pierluigi Paganini May 07, 2014
Shiqiang APT cyber espionage using RAT signed with stolen certificates

Security experts at McAfee Labs have discovered a new cyber espionage based on the malware digitally signed with stolel certificates. A recent research of McAfee Labs has identified a series of spear phishing attacks against non governmental entities and activists, the offensives which interested mainly organizations in China were conducted using malicious code signed with stolen digital […]

Pierluigi Paganini March 20, 2014
FireEye discovered Android spying components in Winspy RAT

FireEye experts investigating on a spear-phishing campaign on an US-based financial institution discovered that common WinSpy RAT was adapted to hit Android devices. FireEye Security Researchers have recently identified a new variant of Winspy RAT that can infect users’ PC and also their Android Devices during synchronization operations. We have a long discussed about the increment for […]