SynAck targeted ransomware uses the Doppelgänging technique

The Process Doppelgänging technique was first presented in December 2017 at the BlackHat conference. Since the presentation several threat actors have started using this sophisticated technique in an attempt to…

Energetic Bear/Crouching Yeti: attacks on servers

Energetic Bear/Crouching Yeti is a widely known APT group active since at least 2010. The group tends to attack different companies with a strong focus on the energy and industrial…

Rep. Wayne Faircloth Texas Insider Report: AUSTIN, Texas – This interim has been very busy, to say the least.  From the Special Legislative Session, called by the Governor of Texas,…

AgriLife Extension offers publications for wildfire preparation, safety

Writer: Kay Ledbetter, 806-677-5608, skledbetter@ag.tamu.edu Contacts: Dr. Tim Steffens, 806-651-2781, tsteffens@wtamu.edu Dr. Morgan Russell, 325-653-4576, morgan.russell@ag.tamu.edu AMARILLO – Preparing for wildfire response ahead of time is one of the most…

Somebody’s watching! When cameras are more than just ‘smart’

Every year the number of smart devices grows. Coffee machines, bracelets, fridges, cars and loads of other useful gadgets have now gone smart. We are now seeing the emergence of…

OlympicDestroyer is here to trick the industry

A couple of days after the opening ceremony of the Winter Olympics in Pyeongchang, South Korea, we received information from several partners, on the condition of non-disclosure (TLP:Red), about a…

Skygofree: Following in the footsteps of HackingTeam

At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of…

Investigation Report for the September 2014 Equation malware detection incident in the US

Background In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system.…

IT threat evolution Q3 2017

Targeted attacks and malware campaigns [Re-]enter the dragon In July, we reported on the recent activities of a targeted attack group called ‘Spring Dragon’ (also known as LotusBlossom), whose activities…

Bad Rabbit ransomware

What happened? On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit. It has been targeting organizations and consumers, mostly in Russia but there have also…

The Festive Complexities of SIGINT-Capable Threat Actors

To read the full paper and learn more about this, refer to “Walking in Your Enemy’s Shadow: When Fourth-Party Collection Becomes Attribution Hell” Attribution is complicated under the best of…

An (un)documented Word feature abused by attackers

A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They…

It’s been a few days since Kaspersky Lab’s blog post about the Multi Platform Facebook malware that was spread through Facebook Messenger. At the same time as Kaspersky Lab were…

Spam and phishing in Q2 2017

Spam: quarterly highlights Delivery service Trojans At the start of Q2 2017, we registered a wave of malicious mailings imitating notifications from well-known delivery services. Trojan downloaders were sent out…

In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine

While the (cyber-)world was still shaking under the destructive ExPetr/Petya attack that hit on June 27, another ransomware attack targeting Ukraine at the same time went almost unnoticed. So far,…

From BlackEnergy to ExPetr

Much has been written about the recent ExPetr/NotPetya/Nyetya/Petya outbreak – you can read our findings here:Schroedinger’s Pet(ya) and ExPetr is a wiper, not ransomware. As in the case of Wannacry,…

Schroedinger’s Pet(ya)

Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. If you were…

Neutrino modification for POS-terminals

From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst…

Dridex: A History of Evolution

The Dridex banking Trojan, which has become a major financial cyberthreat in the past years (in 2015, the damage done by the Trojan was estimated at over $40 million), stands…

Ztorg: money for infecting your smartphone

This research started when we discovered an infected Pokémon GO guide in Google Play. It was there for several weeks and was downloaded more than 500,000 times. We detected the…