News • Insights • Analysis
The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor we first reported in 2016. ScarCruft is known to target North Korean defectors, journalists who cover North Korea-related news and government organizations related to the Read More …
This February, during our hunting efforts for threat actors using VBS/VBA implants, Kaspersky researchers came across MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant. The implant itself is a VBS script with Read More …
Last March, Kaspersky researchers reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, they discovered a newer version. It contains the C++ Milum Trojan, a corresponding VBScript variant and a Read More …
Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. The warning comes from the non-profit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) which revealed that Read More …
As of November 2021, FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN® device software1 going back to at least May 2021. The vulnerability allowed APT actors to gain access to an unrestricted file upload function Read More …
This joint cybersecurity advisory is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) Read More …
Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends Read More …
The MosesStaff hacking group has entered the ‘ransomware’ fray with a difference: blackmail payments are furthest from their minds. On November 15, Check Point Research (CPR) said the group began targeting organizations in Israel during September this year, joining campaigns Read More …
The GravityRAT remote access trojan is being distributed in the wild again, this time under the guise of an end-to-end encrypted chat application called SoSafe Chat. This particular RAT (remote access trojan) targets predominately Indian users, being distributed by Pakistani Read More …
A North Korean state-sponsored hacking group known as Lazarus is again trying to hack security researchers, this time with a trojanized pirated version of the popular IDA Pro reverse engineering application. IDA Pro is an application that converts an executable Read More …
