Tag: thumbnail

High-profile malware and targeted attacks in Q1 2023

Targeted attacks: BlueNoroff introduces new methods bypassing MotW. At the close of 2022, we reported the recent activities of BlueNoroff, a financially motivated threat actor known for stealing cryptocurrency. The threat actor typically exploits Word documents, using shortcut files for...

/ June 7, 2023
Recent Satacom campaign delivers cryptocurrency-stealing addon

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another...

/ June 5, 2023
Tool to find the Operation Triangulation traces

In our initial blogpost about “Operation Triangulation”, we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators....

/ June 2, 2023
Operation Triangulation: iOS devices targeted with previously unknown malware

While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect...

/ June 1, 2023
Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far...

/ May 23, 2023
Analysis of the CloudWizard APT framework

In March 2023, we uncovered a previously unknown APT campaign in the region of the Russo-Ukrainian conflict that involved the use of PowerMagic and CommonMagic implants. However, at the time it was not clear which threat actor was behind the...

/ May 19, 2023
Minas — a multi-stage cryptocurrency miner infection

Sometimes when investigating an infection and focusing on a targeted attack, we come across something we were not expecting. The case described below is one such occurrence. In June 2022, we found a suspicious shellcode running in the memory of...

/ May 17, 2023
Kaspersky Incident Response report 2022

Kaspersky offers various services to organizations that have been targeted by cyberattackers, such as incident response, digital forensics, and malware analysis. In our annual incident response report, we share information about the attacks that we investigated during the reporting period....

/ May 16, 2023
Overview of ransomware trends in 2023

Ransomware keeps making headlines. In a quest for profits, attackers target all types of organizations, from healthcare and educational institutions to service providers and industrial enterprises, affecting almost every aspect of our lives. In 2022, Kaspersky solutions detected over 74.2M...

/ May 11, 2023
Subscription Trojans on Google Play

Every once in a while, someone will come across malicious apps on Google Play that seem harmless at first. Some of the trickiest of these are subscription Trojans, which often go unnoticed until the user finds they have been charged...

/ May 4, 2023
Kaspersky Managed Detection and Response 2022 report

Kaspersky Managed Detection and Response (MDR) is a service for 24/7 monitoring and response to detected incidents based on technologies and expertise of Kaspersky Security Operations Center (SOC) team. MDR allows detecting threats at any stage of the attack –...

/ May 2, 2023
Investigating ChatGPT phishing detection capabilities

Can ChatGPT detect phishing links? Hearing all the buzz about the amazing applications of ChatGPT and other language models, our team could not help but ask this question. We work on applying machine learning technologies to cybersecurity tasks, specifically models...

/ May 1, 2023