Calypso APT Emerges from the Shadows to Target Governments

A newly discovered APT group, dubbed Calypso after a custom malware RAT that it uses, has been targeting state institutions in six different countries since 2016. Government organizations in India (34 percent), Brazil and Kazakhstan (18 percent respectively), Russia and Read More …

The Legend of Adwind: A Commodity RAT Saga in Eight Parts

In early 2012, a developer started selling the first of the Adwind family, Java-based remote access tools (RATs), called “Frutas.” In the ensuing years, it has been rebranded at least seven times. Its other names have included Adwind, UnReCoM, Alien Read More …

Adwind Remote Access Trojan Hits Utilities Sector

Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads. Adwind (also known as jRAT, AlienSpy, JSocket, and Sockrat) is distributed by its developers to Read More …

Nation-State APTs Target U.S. Utilities With Dangerous Malware

Researchers believe that nation-state actors are behind several spearphishing campaigns targeting U.S. utility companies with a newly-identified malware, which has the capabilities to view system data and reboot machines. Lure emails were sent to three U.S. utilities companies between July Read More …

Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C

We observed a recent campaign that primarily targets financial institutions and governmental organizations in the South American region, particularly in Colombia. This blog post covers the activities we observed, the remote access tools (RATs) used, the campaign’s techniques and procedures, Read More …

Houdini malware targets victims with keylogger, online bank account theft tools

A new variant of the Houdini malware has been detected in campaigns against financial institutions and their customers. Last week, cybersecurity researchers from Cofense said in a blog post that the new strain of Houdini — also known as HWorm — was Read More …