Tag: Threat Hunting Content

APT35 Using ProxyShell Vulnerabilities to Deploy Multiple WebShells

A new burst of Iranian state-sponsored APT35 attacks has been observed by researchers over the past few months. A new study shows that APT35 (a.k.a. TA453, COBALT ILLUSION, Charming Kitten, ITG18, Phosphorus, Newscaster) has been increasingly exploiting Microsoft Exchange ProxyShell vulnerabilities for initial access and leveraging quite a bunch of different attack vectors once they […]

Gold Dragon Backdoor Detection: Kimsuky Hackers Strike Again Using Gold Dragon Malware

The most recent hacking campaign by North Korean APT Kimsuky was launched in late January 2022 and is still ongoing. This time, Kimsuky hackers are armed with commodity open-source remote access tools (RATs) installed with the tailored malware Gold Dragon. Detect Gold Dragon Backdoor To identify that your system was compromised with the Gold Dragon […]

Serpent Backdoor Detection: a New Sneaky Malware Hits French Entities

A new targeted malware has been observed attacking government and construction entities in France. Proofpoint conducted extensive research of the malware dubbed Serpent. Serpent Backdoor analysis showed that adversaries have been using quite a few unusual behaviors that have never been detected before. This calls for crafting new detection content that captures specifically those new […]

MicroBackdoor Malware: Belarusian APT Group UNC1151 (UAC-0051) Targets Ukrainian Government

This article highlights the original research conducted by CERT-UA: https://cert.gov.ua/article/37626. On March 7, 2022, the Computer Emergency Response Team for Ukraine (CERT-UA) issued an urgent warning detailing an ongoing spear-phishing campaign executed against private emails of Ukrainian officials, including Ukrainian armed forces personnel. With a high level of confidence, CERT-UA attributes the malicious operation […]

LAPSUS$ Digital Extortion Gang Claims Microsoft's Data Leak: Breach Affected Okta Customers

On March 21, 2022, LAPSUS$ gang published a series of posts in their Telegram channel displaying screenshots of what they called Microsoft Bing and Cortana visual assistant source code. Besides 40 Gb of leaked data, they also showed a compromised administrative account of Okta, a platform that provides digital identity verification for individuals and organizations. […]

Threat Actors Leverage Spear-Phishing E-Mails Mimicking UKR.NET Service for Espionage

This article highlights the original research provided by CERT-UA: https://cert.gov.ua/article/37788. On March 16, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) identified a spear-phishing campaign aimed at infecting Ukrainian organizations with cyber-espionage malware. With a low level of confidence, given the tactics used, CERT-UA associates the identified activity with one of the top Russia-backed […]

HeaderTip Malware Hits Ukrainian Organizations: CERT-UA Warning

On March 22, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) identified yet another nefarious malware targeting the infrastructure of Ukrainian state bodies and organizations across the country. Dubbed HeaderTip, the malicious strain is typically leveraged to drop additional DLL files onto the infected instance. The revealed malicious activity is tracked under the UAC-0026 identifier, […]

DoubleZero Destructive Malware Used in Cyber-Attacks at Ukrainian Companies: CERT-UA Alert

This article is based on the original investigation by CERT-UA: https://cert.gov.ua/article/38088. On March 17, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) found instances of yet another destructive malware used to target Ukrainian enterprises. The novel malware revealed by CERT-UA and dubbed DoubleZero adds to a strain of data-destructive malware that recently […]

Cobalt Strike Beacon, GrimPlant, and GraphSteel Malware Massively Spread by UAC-0056 Threat Actors in Targeted Phishing Emails: CERT-UA Alert

This article covers the original research carried out by CERT-UA: https://cert.gov.ua/article/37704. On March 11, 2022, Ukraine's Computer Emergency Response Team (CERT-UA) reported the mass distribution of fake emails targeting Ukrainian state bodies. According to the CERT-UA research, the detected malicious activity can be attributed to the UAC-0056 hacking collective, also tracked as SaintBear, […]

FormBook/XLoader Malware Is Leveraged to Target Ukrainian Government Bodies: CERT-UA Warning

This article highlights the original research conducted by CERT-UA: https://cert.gov.ua/article/37688. On March 9, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) reported that Ukrainian government bodies were hit by a cyber-attack using the FormBook/XLoader malware. The malware was delivered when the user opened a malicious email attachment. FormBook and its more recent successor XLoader […]
