Russian-speaking cybercrime evolution: What changed from 2016 to 2021

by Ruslan Sabitov
20 Oct 2021 at 12:00pm
This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years.

Trickbot module descriptions

by Oleg Kupreev
19 Oct 2021 at 10:00am
In this article we describe the functionality of the Trickbot (aka TrickLoader or Trickster) banking malware modules and provide a tip on how to download and analyze these modules.

Lyceum group reborn

by Mark Lechtik, Aseel Kayal, Paul Rascagneres
18 Oct 2021 at 11:00am
According to earlier public research, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group's activity, focused on two entities in Tunisia.

MysterySnail attacks with Windows zero-day

by Boris Larin, Costin Raiu
12 Oct 2021 at 5:07pm
We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns. We are calling this cluster of activity MysterySnail.

Ransomware in the CIS

by Fedor Sinitsyn, Yanis Zinchenko
7 Oct 2021 at 10:00am
Statistics on ransomware attacks in the CIS and technical descriptions of Trojans, including BigBobRoss/TheDMR, Crysis/Dharma, Phobos/Eking, Cryakl/CryLock, CryptConsole, Fonix/XINOF, Limbozar/VoidCrypt, Thanos/Hakbit and XMRLocker.

GhostEmperor: From ProxyLogon to kernel mode

by Mark Lechtik, Aseel Kayal, Paul Rascagneres, Vasily Berdnikov
30 Sep 2021 at 10:00am
While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to d...

DarkHalo after SolarWinds: the Tomiris connection

by Ivan Kwiatkowski, Pierre Delcher
29 Sep 2021 at 2:45pm
We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.

FinSpy: unseen findings

by GReAT
28 Sep 2021 at 2:45pm
FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset; we have been tracking deployments of this spyware since 2011. In this report we share some of our previously unpublished findings about the current state of FinSpy implants.

BloodyStealer and gaming assets for sale

by Leonid Bezvershenko, Dmitry Galov, Marc Rivero
27 Sep 2021 at 10:00am
We take a closer look at threats linked to loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that ends up on the black market.

Wake me up till SAS summit ends

by Securelist
23 Sep 2021 at 8:00am
What do cyberthreats, Kubernetes and donuts have in common, except that all three end in "ts", that is? All these topics will be mentioned during the new SAS@Home online conference, scheduled for September 28th-29th, 2021.
