A predatory tale: Who’s afraid of the thief?

In mid-February, Kaspersky Lab received a request for incident response from one of its clients. The individual who initially reported the issue to our client refused to disclose the origin…

Lt. Gov. Dan Patrick’s property tax bill inaccurately depicted

Texas Insider Report: AUSTIN, Texas – Lt. Gov. Dan Patrick made this statement today: “On Friday the Houston Chronicle pulled down…

GreyEnergy’s overlap with Zebrocy

In October 2018, ESET published a report describing a set of activity they called GreyEnergy, which is believed to be a successor to the BlackEnergy group. BlackEnergy (a.k.a. Sandworm) is best…

A Zebrocy Go Downloader

Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline…

Texas A&M undergraduate research scholar published in international journal

Media Contact: Laura Muntean, 979-847-9211, laura.muntean@ag.tamu.edu COLLEGE STATION — Emily Bost, a recent graduate of Texas A&M University, made the most of her undergraduate career with research published in the…

Kaspersky Security Bulletin 2018. Top security stories

Introduction: The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the internet is the lifeblood of commercial organizations. The…

Octopus-infested seas of Central Asia

For the last two years we have been monitoring a Russian-language cyberespionage actor that focuses on Central Asian users and diplomatic entities. We named the actor DustSquad and have provided…

MuddyWater expands operations

Summary: MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group…

The rise of mobile banker Asacub

We encountered the Trojan-Banker.AndroidOS.Asacub family for the first time in 2015, when the first versions of the malware were detected, analyzed, and found to be more adept at spying than…

Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware

Overview: Lazarus has been a major threat actor in the APT arena for several years. Alongside goals like cyberespionage and cybersabotage, the attacker has been targeting banks and other financial…

KeyPass ransomware

In the last few days, our anti-ransomware module has been detecting a new variant of malware – KeyPass ransomware. Others in the security community have also noticed that this ransomware…

Olympic Destroyer is still alive

In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic Games 2018 held in Pyeongchang, South…

SynAck targeted ransomware uses the Doppelgänging technique

The Process Doppelgänging technique was first presented in December 2017 at the BlackHat conference. Since the presentation several threat actors have started using this sophisticated technique in an attempt to…

Energetic Bear/Crouching Yeti: attacks on servers

Energetic Bear/Crouching Yeti is a widely known APT group active since at least 2010. The group tends to attack different companies with a strong focus on the energy and industrial…

Rep. Wayne Faircloth Texas Insider Report: AUSTIN, Texas – This interim has been very busy, to say the least. From the Special Legislative Session, called by the Governor of Texas,…

AgriLife Extension offers publications for wildfire preparation, safety

Writer: Kay Ledbetter, 806-677-5608, skledbetter@ag.tamu.edu Contacts: Dr. Tim Steffens, 806-651-2781, tsteffens@wtamu.edu Dr. Morgan Russell, 325-653-4576, morgan.russell@ag.tamu.edu AMARILLO – Preparing for wildfire response ahead of time is one of the most…

Somebody’s watching! When cameras are more than just ‘smart’

Every year the number of smart devices grows. Coffee machines, bracelets, fridges, cars and loads of other useful gadgets have now gone smart. We are now seeing the emergence of…

OlympicDestroyer is here to trick the industry

A couple of days after the opening ceremony of the Winter Olympics in Pyeongchang, South Korea, we received information from several partners, on the condition of non-disclosure (TLP:Red), about a…

Skygofree: Following in the footsteps of HackingTeam

At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of…

Investigation Report for the September 2014 Equation malware detection incident in the US

Background: In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system.…