New Dropper Infects Victims with Revenge RAT and WSHRAT

Delaware, USA – November 18, 2019 – New malware with low detection rates installs two remote access trojans on victim machines. The dropper was detected and analyzed by the Fortinet team; at the time of publication of the report, the malware was detected by only 8 antivirus engines. The original JavaScript code decodes VBScript obfuscated with […]

TA2101 is Experimenting with Various Malware in Campaigns Targeting the US and Europe

Delaware, USA – November 15, 2019 – A relatively new threat actor sends spam emails disguised as notifications from government agencies to infect victims with penetration testing frameworks, ransomware, and banking trojans. Proofpoint researchers found that the attackers carried out their first campaign only a month ago; its main targets were IT services companies in […]

APT33 Utilizes Own VPN Network

Delaware, USA – November 14, 2019 – One of the most sophisticated Iranian APT groups uses its own VPN network to conduct reconnaissance and connect to its command-and-control infrastructure. In theory, this should have made the detection and attribution of attacks much more difficult, but in practice, Trend Micro researchers could track the exit nodes and […]

TA505 Group is Aiming at System Integrator Companies in Europe

Delaware, USA – November 13, 2019 – The infamous TA505 group, which is behind the Dridex trojan and GlobeImposter ransomware, is interested in system integrator companies. The threat was discovered and analyzed by Marco Ramilli, founder & CEO at Yoroi. After discovering one of the malicious emails, he tracked it to the validtree[.]com domain and determined […]

Popular ASP.NET Hosting Provider Recovers After Ransomware Attack

Delaware, USA – November 11, 2019 – On Saturday, cybercriminals attacked SmarterASP.NET, a US hosting provider with more than 440,000 customers, and encrypted the company's customer data and systems. The SmarterASP.NET site was unavailable for about a day, the phone line was down, and customers reported that their websites went down. This ransomware strain added the .kjhbx extension […]

Platinum APT Spreads Titanium Backdoor in the APAC Region

Delaware, USA – November 8, 2019 – Active for ten years, the stealthy APT group has launched a new campaign targeting government organizations in South and Southeast Asia. The Platinum group skillfully disguises the malware installation process by abusing legitimate tools and hiding malicious files in password-protected archives. The campaign was revealed by Kaspersky Lab, […]

Crafty ZIP Archives Used to Deliver NanoCore RAT

Delaware, USA – November 7, 2019 – Adversaries have found another way to bypass secure email gateways and anti-malware solutions using specially crafted ZIP archives. Researchers from Trustwave spotted an interesting spam campaign spreading NanoCore RAT, and analysis of the attached file revealed a new method for hiding malicious files in archives, which, however, […]

Newly Discovered DarkUniverse APT Linked to ItaDuke Operations

Delaware, USA – November 6, 2019 – The Lost in Translation leak released by the Shadow Brokers continues to surprise and reveal information about previously unknown APT groups. Among the published tools there was also a script that checked systems attacked by the Equation Group for the presence of malware developed by other threat actors. The signature […]

BitPaymer Ransomware Encrypts Systems in Spanish Companies

Delaware, USA – November 5, 2019 – Ransomware operators continue to attack organizations in European countries. Three weeks after the attack on Pilz, a German automation technology company, adversaries turned their attention to Spain and encrypted systems in two companies. More information is currently known about the attack on Everis, one of the largest managed […]

First Cyberattacks Using BlueKeep Exploit

Delaware, USA – November 4, 2019 – Security researchers have discovered the first exploitation of the BlueKeep vulnerability for malicious purposes. So far, not particularly skilled cybercriminals are using the exploit, published several months ago by the Metasploit team, to infect unpatched Windows systems with Monero cryptocurrency miners. The campaign began in the second half of October […]