PRINT
PRINT
SEND MAIL
SEND MAIL

Category: Sofacy

NEW TOOLS

Fud 100% services packages ready for sales

We offer a monthly Crypter service to make your files undetectable encrypted! this is how it works: You zip the files you want to encrypt and send them to our email cybersec@cybeseclabs.com then we will encrypt and make your files/file fud 100% (undetectable by any antivirus) and send them back to your email! We offer 3 packages: Standard Prenium Ultimate All those packages offer some unique futures to encrypt your file!  

Windows10

Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

APTAPT reportsCyber espionageIndustrial threatsSecurity FeedsSofacySpear PhishingTargeted AttacksVulnerabilities and exploits

GreyEnergy’s overlap with Zebrocy

In October 2018, ESET published a report describing a set of activity they called GreyEnergy, which is believed to be a successor to BlackEnergy group. BlackEnergy (a.k.a. Sandworm) is best known, among other things, for having been involved in attacks against Ukrainian energy facilities in 2015, which led to power outages. Like its predecessor, GreyEnergy malware has been detected attacking industrial and ICS targets, mainly in Ukraine. Kaspersky Lab ICS CERT has identified an overlap between GreyEnergy and a Sofacy subset called “Zebrocy”. The…

APTAPT reportsDropperFeaturedMalware DescriptionsSecurity FeedsSofacySpear PhishingTargeted Attacks

A Zebrocy Go Downloader

Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy cluster has carved a new approach to malware development and delivery to the world of Sofacy. In line with this approach, we will present more on this…

APTAPT reportsIndustrial threatsLazarusNation State Sponsored EspionageOlympic DestroyerSecurity FeedsSofacyTargeted AttacksTurla

APT review of the year

What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer; everybody has partial visibility and it’s never possible to really understand the motivations of some attacks or the developments behind them. Still, with the benefit of hindsight, let’s try to approach the problem from different angles to get a better understanding of what went on. On big actors There are a few ‘traditional’ actors that are very…

APTBrowser PluginsCybercrimeData leaksFeaturedFinancial malwareInternet of ThingsKaspersky Security BulletinMobile SecurityOlympic DestroyerSecurity FeedsSmart homeSofacyTargeted AttacksTrojan BankerTurlaVulnerabilities and exploits

Kaspersky Security Bulletin 2018. Top security stories

Introduction The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the internet is the lifeblood of commercial organizations. The dependence on technology of governments, businesses and consumers provides a broad attack surface for attackers with all kinds of motives – financial theft, theft of data, disruption, damage, reputational damage or simply ‘for the lulz’. The result is a threat landscape that ranges from highly sophisticated targeted attacks to opportunistic cybercrime. All too often,…

APTAPT reportsFinancial malwareOlympic DestroyerSecurity FeedsSofacyTargeted Attacks

Threats in the Netherlands

Introduction On October 4, 2018, the MIVD held a press conference about an intercepted cyberattack on the OPWC in the Netherlands, allegedly by the advanced threat actor Sofacy (also known as APT28 or Fancy Bear, among others). According to the MIVD, four suspects were caught red handed trying to break into the OPWC’s network. Sofacy activity in the Netherlands did not come as a surprise to us, since we have seen signs of its presence in that country before. However, aside from Sofacy we…

APTCyber espionageDATA LEAKFeaturedFinancial malwareHacking TeamIoTmalware descriptionMalware reportsMobile MalwareNation State Sponsored EspionageSecurity FeedsSofacySpearphishingTargeted AttacksTrojan-BankersVulnerabilities and exploitsWiperWormZero-day vulnerabilities

IT threat evolution Q1 2018

Targeted attacks and malware campaigns Skygofree:  sophisticated mobile surveillance In January, we uncovered a sophisticated mobile implant that provides attackers with remote control of infected Android devices.  The malware, called Skygofree (after one of the domains it uses), is a targeted cyber-surveillance tool that has been in development since 2014.  The malware is spread by means of spoofed web pages that mimic leading mobile providers.  The campaign is ongoing and our telemetry indicates that there have been several victims, all in Italy.  We feel…

APTAPT criminalAPT reportsFeaturedSecurity FeedsSofacyTargeted attack

Masha and these Bears

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a prolific, well resourced, and persistent adversary. They are sometimes portrayed as wild and reckless, but as seen under our visibility, the group can be pragmatic, measured, and agile. Our previous post on their 2017 activity stepped away from the previously covered headline buzz presenting their association with previously known political hacks and interest in Europe and the US, and examines their under-reported ongoing activity in middle east, central asia, and now a…