News

Iceland Suffers Largest Cyber Attack

Delaware, USA – October 15, 2018 — Unidentified cybercriminals carried out the largest cyber attack in the history of Iceland, infecting users with the Remcos remote access tool and gaining access to their banking accounts. On October 6, adversaries started sending phishing emails, which contained a link to the spoofed version of the Icelandic police website and […]

Ongoing APT Campaign of MuddyWater Group

Delaware, USA – October 12, 2018 — The MuddyWater APT group appeared last year and conducted its first cyber espionage campaigns against government organizations of Iraq and Saudi Arabia. Now a number of other countries in the Middle East and Europe are in its field of interest. The group conducts a large number of […]

Gallmaker APT Group Attacks Government and Military Targets

Delaware, USA – October 11, 2018 — The newly discovered APT group Gallmaker has been active since at least last December and is aimed at government, military and defense targets in the Middle East and Eastern Europe. The group does not use malware during the attacks. Instead, they excel at using living off […]

Magecart Operators Compromise Shopper Approved Plugin

Delaware, USA – October 10, 2018 — In mid-September, one of the groups behind the card-skimming campaign Magecart compromised the Shopper Approved plug-in and injected malicious code into it. RiskIQ researchers believe that there are at least six cybercriminal groups involved in the campaign, and the same group that attacked Ticketmaster in July of this […]

Major Changes in Emotet Malware

Delaware, USA – October 9, 2018 — Security researcher Vishal Thakur dissected the newest version of the Emotet downloader and discovered several new features that make the malware even more stealthy and effective. Attackers used another obfuscation pattern to complicate detection, and the downloader now drops Powershell.exe to the Temp folder and then executes it. Also, the new version […]

IQY Files are Used to Spread FlawedAmmyy RAT

Delaware, USA – October 8, 2018 — Adversaries are constantly looking for new ways to infect the victim’s system, and now the Excel Web Query file (IQY) has attracted their attention: it has been used in recent campaigns to spread the FlawedAmmyy RAT. Last month, attackers distributed multi-platform Adwind malware via malicious Excel documents with .CSV […]

Kraken Cryptor Ransomware is Distributed via Exploit Kit

Delaware, USA – October 5, 2018 — Adversaries behind the Fallout exploit kit started distributing the latest version of the Kraken Cryptor ransomware. Before that, they used the exploit kit for about two weeks to infect their victims with GandCrab ransomware. Kraken Cryptor, like GandCrab, is Ransomware-as-a-Service, so adversaries can easily switch from […]

FASTCash: New Campaign of Lazarus Group

Delaware, USA – October 4, 2018 — US-CERT, the US Department of Homeland Security, the US Department of the Treasury and the FBI have published a joint report on a new scheme for stealing money from ATMs. One of the divisions of the infamous Lazarus group uses FASTCash tactics in attacks on banks worldwide. The […]

DanaBot Banking Trojan Switched to the United States

Delaware, USA – October 3, 2018 — Researchers from Proofpoint discovered the first DanaBot distribution campaign that targets banks in the United States. The DanaBot banking Trojan was first discovered 5 months ago, and it only attacked Australian banks. Soon, this malware was adopted by cybercriminals attacking banks in Europe, and one of […]

Sigma UI Plugin for Kibana is Released

Delaware, USA – October 2, 2018 — The Sigma UI plugin for Kibana is available in Threat Detection Marketplace. This is a free open-source application based on the Elastic stack and Sigma Converter (sigmac). It simplifies the development, use and sharing of Sigma, a generic rule format for SIEM systems. It is now possible to write, update […]