Category: Spearphishing

Security Feeds, APT, IoT, Spearphishing, Financial malware, Featured, Sofacy, malware description, Vulnerabilities and exploits, Wiper, Worm, Cyber espionage, Targeted Attacks, Mobile Malware, Trojan-Bankers, Zero-day vulnerabilities, Malware reports, DATA LEAK, Hacking Team, Nation State Sponsored Espionage

IT threat evolution Q1 2018

Targeted attacks and malware campaigns
Skygofree: sophisticated mobile surveillance
In January, we uncovered a sophisticated mobile implant that provides attackers with remote control of infected Android devices. The malware, called Skygofree (after one of the domains it uses), is a targeted cyber-surveillance tool that has been in development since 2014. The malware is spread by means of spoofed web pages that mimic leading mobile providers. The campaign is ongoing and our telemetry indicates that there have been several victims, all in Italy. We feel…

Security Feeds, Industrial threats, Cyberespionage, ICS, Industrial control systems, industrial software, IoT, Malware Statistics, Security Policies, Spearphishing

Threat Landscape for Industrial Automation Systems in H2 2017

For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017. The main objective of these publications is to provide information support to global…

Security Feeds, APT, Spearphishing, APT reports, malware description, Vulnerabilities and exploits, Wiper, Worm

The devil’s in the Rich header

In our previous blog, we detailed our findings on the attack against the Pyeongchang 2018 Winter Olympics. For this investigation, our analysts were provided with administrative access to one of the affected servers, located in a hotel based in Pyeongchang county, South Korea. In addition, we collected all available evidence from various private and public sources and worked with several companies to investigate the command and control (C&C) infrastructure associated with the attackers. During this investigation, one thing stood out – the attackers had…

Security Feeds, APT, Spearphishing, APT reports, Featured, malware description, Vulnerabilities and exploits, Wiper, Worm

OlympicDestroyer is here to trick the industry

A couple of days after the opening ceremony of the Winter Olympics in Pyeongchang, South Korea, we received information from several partners, on the condition of non-disclosure (TLP:Red), about a devastating malware attack on the Olympic infrastructure. A quick peek inside the malware revealed a destructive self-modifying password-stealing self-propagating malicious program, which by any definition sounds pretty bad. According to media reports, the organizers of the Pyeongchang Olympics confirmed they were investigating a cyberattack that temporarily paralyzed IT systems ahead of official opening ceremonies,…