Exploit This

Security News, Exploits, and Vulnerabilities.

To crypt, or to mine – that is the question

Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this long-lived Trojan family, which is still functioning to this day. Now the criminals have decided to add a new feature to their creation – a mining capability.

Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage

Kaspersky Lab exposes first ever publicly known Brazilian Portuguese cyberespionage campaign targeting financial institutions as well as telecommunications, manufacturing, energy and media companies. Poseidon Group is a commercial entity whose attacks involve custom malware digitally signed with rogue certificates deployed to steal sensitive data from victims.

I am HDRoot! Part 2

Some time ago while tracking Winnti group activity we came across a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems.

I am HDRoot! Part 1

Famous Chinese-speaking cybercriminal APT actor Winnti has been observed targeting pharmaceutical businesses. New threat, which Kaspersky Lab has called “HDRoot” after the original tool’s name “HDD Rootkit”, is a universal platform for a sustainable and persistent appearance in a targeted system, which can be used to launch any other tool.

Darkhotel’s attacks in 2015

In 2015, many of Darkhotel’s techniques and activities remain in use. However, in addition to new variants of malicious .hta, we find new victims, .rar attachments with RTLO spearphishing, and the deployment of a 0day from Hacking Team.

Wild Neutron – Economic espionage threat actor returns with new tricks

A powerful threat actor known as “Wild Neutron” has been active since at least 2011, infecting high profile companies for several years by using a combination of exploits, watering holes and multi-platform malware.

Why You Shouldn’t Completely Trust Files Signed with Digital Certificates

Users trust files signed with digital certificates, so cybercriminals are always keen to attach these certificates to their malicious files. This article explores the main threats associated with signed files, and proposes practical ways of minimizing the risks associated with launching them.

‘Destover’ malware now digitally signed by Sony certificates (updated)

Several days ago, our products detected an unusual sample from the Destover family.

%d bloggers like this: