Tag: thumbnail

Server-side attacks, C&C in public clouds and other MDR cases we observed

Server-side attacks, C&C in public clouds and other MDR cases we observed

Introduction This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took...

/ November 2, 2022
APT trends report Q3 2022

APT trends report Q3 2022

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot...

/ November 1, 2022
APT10: Tracking down LODEINFO 2022, part II

APT10: Tracking down LODEINFO 2022, part II

In the previous publication ‘Tracking down LODEINFO 2022, part I‘, we mentioned that the initial infection methods vary in different attack scenarios and that the LODEINFO shellcode was regularly updated for use with each infection vector. In this article, we...

/ October 31, 2022
APT10: Tracking down LODEINFO 2022, part I

APT10: Tracking down LODEINFO 2022, part I

Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020....

/ October 31, 2022
DiceyF deploys GamePlayerFramework in online casino development studio

DiceyF deploys GamePlayerFramework in online casino development studio

The Hacktivity 2022 security festival was held at the MOM Cultural Center in Budapest, Hungary, over two days, October 6-7th 2022. One of several presentations by our GReAT researchers included an interesting set of APT activity targeting online casino development...

/ October 17, 2022
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

Overview On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed...

/ October 13, 2022
Malicious WhatsApp mod distributed through legitimate apps

Malicious WhatsApp mod distributed through legitimate apps

Last year, we wrote about the Triada Trojan inside FMWhatsApp, a modified WhatsApp build. At that time, we discovered that a dropper was found inside the distribution, along with an advertising SDK. This year, the situation has repeated, but with...

/ October 12, 2022
TOP 10 unattributed APT mysteries

TOP 10 unattributed APT mysteries

Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand a few things about the attackers,...

/ October 7, 2022
A look at the 2020–2022 ATM/PoS malware landscape

A look at the 2020–2022 ATM/PoS malware landscape

During the pandemic, lockdowns forced people to stay at home and do their shopping online, which was mirrored in point-of-sale (PoS) and ATM malware activity, as certain regions saw malicious transactions drop significantly. Now, as we predicted in last year’s...

/ October 6, 2022
Uncommon infection and malware propagation methods

Uncommon infection and malware propagation methods

Introduction We are often asked how targets are infected with malware. Our answer is nearly always the same: (spear) phishing. There will be exceptions, naturally, as we will encounter RCE vulnerabilities every now and then, or if the attacker is...

/ October 5, 2022
OnionPoison: infected Tor Browser installer distributed through popular YouTube channel

OnionPoison: infected Tor Browser installer distributed through popular YouTube channel

While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. According to our telemetry, all the victims targeted by these installers are located in China. As the Tor Browser website is blocked in...

/ October 4, 2022
DeftTorero: tactics, techniques and procedures of intrusions revealed

DeftTorero: tactics, techniques and procedures of intrusions revealed

Earlier this year, we started hunting for possible new DeftTorero (aka Lebanese Cedar, Volatile Cedar) artifacts. This threat actor is believed to originate from the Middle East and was publicly disclosed to the cybersecurity community as early as 2015. Notably,...

/ October 3, 2022