On March 30, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) put out a warning of a mass spread of malware named “Mars Stealer” targeting individuals and organizations in Ukraine. According to the CERT-UA research, adversaries behind Mars Stealer attacks are traced back to the hacking group tracked as UAC-0041 (associated with AgentTesla and […]
A malware loader Colibri that appeared not so long time ago – in August 2021, has been recently discovered delivering Vidar payloads in a new ongoing Colibri Loader campaign. Researchers indicate that Colibri uses an unusual persistence technique that hasn’t been tracked until this time. Updated functionality motivates adversaries to keep selling their new malware […]
Update: According to the latest heads-up from Arpil 7, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) issued an alert with the details of the most recent phishing attack on Ukrainian state bodies hard on the heels of the attack kill chain a couple of days ago identified by the similar behavior patterns. On […]
A sudden surge in the activity of IcedID email hijacking was identified by security researchers. IcedID, a.k.a. BokBot has been operating since 2017. A gradual evolution has led this malware from being a regular banking trojan to a sophisticated payload that hijacks ongoing email conversations and injects malicious code through a network of compromised Microsoft […]
Purple Fox malware has been wreaking all sorts of havoc on personal computers since 2018, infecting more than 30,000 machines globally. The latest studies found that Purple Fox hackers continue improving their infrastructure and adding new backdoors. To expand the botnet scale, Purple Fox is spreading trojanized installers that masquerade as legitimate software packages. The […]
On March 21, 2022, LAPSUS$ gang published a series of posts in their Telegram channel displaying screenshots of what they called Microsoft Bing and Cortana visual assistant source code. Besides 40 Gb of leaked data, they also showed a compromised administrative account of Okta, a platform that provides digital identity verification for individuals and organizations. […]
This article highlights the original research provided by CERT-UA: https://cert.gov.ua/article/37788 On March 16, 2022, the Computer Emergency Response Team from Ukraine CERT-UA identified a spear-phishing campaign aimed at infecting Ukrainian organizations with cyber-espionage malware. With a low level of confidence, given the tactics used, CERT-UA associates the identified activity with one of the top Russia-backed […]
On March 22, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) identified yet another nefarious malware targeting the infrastructure of Ukrainian state bodies and organizations across the country. Dubbed HeaderTip, the malicious strain is typically leveraged to drop additional DLL files to the infected instance.The revealed malicious activity is tracked under the UAC-0026 identifier, […]
This article is based on the original investigation by CERT-UA: https://cert.gov.ua/article/38088. On March 17, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) has found instances of yet another destructive malware used to target Ukrainian enterprises. The novel malware revealed by CERT-UA and dubbed DoubleZero adds to a strain of data destructive malware that recently […]
This article covers the original research carried out by CERT-UA: https://cert.gov.ua/article/37704 On March 11, 2022, Ukraine’s Computer Emergency Response Team (CERT-UA) reported about the mass distribution of fake emails targeting the Ukrainian state bodies. According to the CERT-UA research, the detected malicious activity can be attributed to the UAC-0056 hacking collective also tracked as SaintBear, […]