20 Oct 2021 at 12:00pm
This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years.
19 Oct 2021 at 10:00am
In this article we describe the functionality of the Trickbot (aka TrickLoader or Trickster) banking malware modules and provide a tip on how to download and analyze these modules.
18 Oct 2021 at 11:00am
According to older public research, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group's activity, focused on two entities in Tunisia.
12 Oct 2021 at 5:07pm
We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns. We are calling this cluster of activity MysterySnail.
7 Oct 2021 at 10:00am
Statistics on ransomware attacks in the CIS and technical descriptions of Trojans, including BigBobRoss/TheDMR, Crysis/Dharma, Phobos/Eking, Cryakl/CryLock, CryptConsole, Fonix/XINOF, Limbozar/VoidCrypt, Thanos/Hakbit and XMRLocker.
30 Sep 2021 at 10:00am
While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to d...
29 Sep 2021 at 2:45pm
We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.
28 Sep 2021 at 2:45pm
FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset. We have been tracking deployments of this spyware since 2011. In the report we decided to share some of our unseen findings about the actual state of FinSpy implants.
27 Sep 2021 at 10:00am
We take a closer look at threats linked to loss of accounts with popular video game digital distribution services, such as Steam and Origin. We also explore the kind of game-related data that ends up on the black market.
23 Sep 2021 at 8:00am
What do cyberthreats, Kubernetes and donuts have in common, except that all three end in "ts", that is? All these topics will be mentioned during the new SAS@Home online conference, scheduled for September 28th-29th, 2021.