Turla APT Returns with New Malware, Anti-Censorship Angle

The Turla APT has revamped its arsenal in 2019, creating new weapons and tools for targeting government entities. It’s now using booby-trapped anti-internet censorship software as an initial infection vector, suggesting Turla is going after dissident or other civil-society targets. Read More …

‘Twas the night before

Recently, the United States Cyber Command (USCYBERCOM Malware Alert @CNMF_VirusAlert) highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Before continuing, it’s important to restate yet again that Read More …

Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East

We uncovered a cyberespionage campaign targeting Middle Eastern countries. We named this campaign “Bouncing Golf” based on the malware’s code in the package named “golf.” The malware involved, which Trend Micro detects as  AndroidOS_GolfSpy.HRX, is notable for its wide range Read More …

MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools

We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed Read More …

ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks

The ScarCruft Korean-speaking APT is changing up its espionage tactics to include an unusual piece of malware devoted to harvesting Bluetooth information – while also showing some overlap with the DarkHotel APT. An analysis of ScarCruft’s binary infection procedure by Kaspersky Read More …