Exploit This

Security News, Exploits, and Vulnerabilities.

VPNFilter EXIF to C2 mechanism analysed

Our colleagues from Cisco Talos published their excellent analysis of VPNFilter, an IoT / router malware which exhibits some worrying characteristics. We’ve decided to look a bit into the C&C mechanism for the persistent malware payload.

IT threat evolution Q1 2018

In January, we uncovered a sophisticated mobile implant Skygofree that provides attackers with remote control of infected Android devices. Network worm OlympicDestroyer attacked on the Olympic infrastructure just before the opening of the games in February.

Who’s who in the Zoo

ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware, with the attackers including new features in each iteration.

APT Trends report Q1 2018

In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018.

Operation Parliament, who is doing what?

Kaspersky Lab has been tracking a series of attacks utilizing unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high profile organizations. The objective of the attacks is clearly espionage – they involve gaining access to top legislative, executive and judicial bodies around the world.

Your new friend, KLara

In R&D we use a lot of open-source projects and we believe giving back to the community is our way of saying ‘Thank you’. More and more security companies are releasing their open-source projects and we would like to contribute with our distributed YARA scanner.

Masha and these Bears

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a prolific, well resourced, and persistent adversary. They are sometimes portrayed as wild and reckless, but as seen under our visibility, the group can be pragmatic, measured, and agile.

The Slingshot APT FAQ

While analyzing some memory dumps suspicious of being infected with a keylogger, we identified a library containing strings to interact with a virtual file system. This turned out to be a malicious loader internally named “Slingshot”.

The devil’s in the Rich header

In our previous blog , we detailed our findings about the attack against the Pyeongchang 2018 WinterOlympics. For this investigation, our analysts were provided with administrative access to one of the affected servers located in a hotel based in Pyeongchang county, South Korea. In addition, we collected all available evidence from various private and public sources and worked with several companies on investigating the C&C infrastructure associated with the attackers.

OlympicDestroyer is here to trick the industry

A couple of days after the opening ceremony of the Winter Olympics in Pyeongchang, South Korea, we received information from several partners, on the condition of non-disclosure (TLP:Red), about a devastating malware attack on the Olympic infrastructure.

%d bloggers like this: