Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response

In May, during the Managed Detection and Response service on-boarding process of an electronics company in the Asia-Pacific region, we noticed suspicious activity via the Trend Micro™ Deep Discovery™ Inspector that turned out to be related to EternalBlue, an exploit perhaps more popularly known for Read More …

Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits

A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has Read More …

Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak

On April 14, 2017, The Shadow Brokers (TSB) leaked a bevy of hacking tools named “Lost in Translation.” This leak is notorious for having multiple zero-day remote code execution (RCE) vulnerabilities targeting critical protocols such as Server Message Block (SMB) and Remote Read More …

GreyEnergy APT Delivers Malware via Phishing Attacks and Multi-Stage Dropper

The highly complex backdoor malware payload designed by the GreyEnergy advanced persistent threat (APT) group is being dropped on targeted machines using the common phishing infection vector as detailed by Nozomi Networks’ Alessandro Di Pinto. GreyEnergy attacked and infiltrated the Read More …

‘Basic IT security’ could have prevented UK NHS WannaCry attack

England’s National Health Service (NHS) could have avoided the ransomware hack that crippled its systems in May, according to a government report. “Basic IT security” was all that was required to prevent the “unsophisticated” WannaCry attack, which affected more than a third of NHS organizations, Read More …

EternalBlue Exploit Used in Retefe Banking Trojan Campaign

Criminals behind the Retefe banking Trojan have added a new component to their malware that uses the NSA exploit EternalBlue. The update makes Retefe the latest malware family to adopt the SMBv1 attack against a patched Windows vulnerability, and could signal Read More …

Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests

An infamous Russian-linked cyber-espionage group has been found re-using the same leaked NSA hacking tool that was deployed in the WannaCry and NotPetya outbreaks—this time to target Wi-Fi networks to spy on hotel guests in several European countries. Security researchers at FireEye Read More …