Exploit This

Security News, Exploits, and Vulnerabilities.

Octopus-infested seas of Central Asia

For the last two years we have been monitoring a Russian-language cyberespionage actor that focuses on Central Asian users. We named the actor DustSquad and have provided reports on four of their campaigns. In this blogpost we cover a malicious program for Windows called Octopus that mostly targets diplomatic entities.

AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide

Original release date: October 11, 2018
Summary
This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][…

Threats in the Netherlands

For this blogpost we gathered all the sinkhole data for Dutch IPs in the last four years, which amounts to around 85,000 entries. The aim is to give an overview of which APT groups are active in the Netherlands and what they are interested in.

MuddyWater expands operations

MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US.

Zero-day exploit (CVE-2018-8453) used in targeted attacks

Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. Microsoft confirmed the vulnerability and designated it CVE-2018-8453.

Shedding Skin – Turla’s Fresh Faces

Turla, also known as Venomous Bear, Waterbug, and Uroboros, may be best known for what was at the time an “ultra complex” snake rootkit focused on NATO-related targets, but their malware set and activity is much broader. Our current focus is on more recent and upcoming activity from this APT.

TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers

Original release date: October 03, 2018
Systems Affected
Network Systems
Overview
The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltr…

TA18-276A: Using Rigorous Credential Control to Mitigate Trusted Network Exploitation

Original release date: October 03, 2018
Systems Affected
Network Systems
Overview
This technical alert addresses the exploitation of trusted network relationships and the subsequent illicit use of legitimate credent…

TA18-275A: HIDDEN COBRA – FASTCash Campaign

Original release date: October 02, 2018
Systems Affected
Retail Payment Systems
Overview
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Depar…

Roaming Mantis part III: iOS crypto-mining and spreading via malicious content delivery system

In Q2 2018, Kaspersky Lab published two blogposts about Roaming Mantis sharing details of this new cybercriminal campaign. During our research, it became clear that Roaming Mantis has been rather active and has evolved quickly. The group’s malware now supports 27 languages, including multiple countries from Asia and beyond, Europe and the Middle East.

%d bloggers like this: